ALSA: dice: fix buffer overflow in detect_stream_formats() - sugar/linux

diff options

author	Junrui Luo <moonafterrain@outlook.com>	2025-11-28 12:06:31 +0800
committer	Takashi Iwai <tiwai@suse.de>	2025-11-29 10:33:44 +0100
commit	324f3e03e8a85931ce0880654e3c3eb38b0f0bba (patch)
tree	11021dc042692151516f3f1f3a4454845967617b /tools/perf/util/header.c
parent	d01a3aad7f2c183152dec02202aa1d23ee02556c (diff)

ALSA: dice: fix buffer overflow in detect_stream_formats()

The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS. Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats(). Reported-by: Yuhao Jiang <danisjiang@gmail.com> Reported-by: Junrui Luo <moonafterrain@outlook.com> Fixes: 58579c056c1c ("ALSA: dice: use extended protocol to detect available stream formats") Cc: stable@vger.kernel.org Reviewed-by: Takashi Sakamoto <o-takashi@sakamocchi.jp> Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Link: https://patch.msgid.link/SYBPR01MB7881B043FC68B4C0DA40B73DAFDCA@SYBPR01MB7881.ausprd01.prod.outlook.com Signed-off-by: Takashi Iwai <tiwai@suse.de>

Diffstat (limited to 'tools/perf/util/header.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: