diff options
| author | Takashi Iwai <tiwai@suse.de> | 2016-03-15 12:09:10 +0100 |
|---|---|---|
| committer | Andreas Blaesius <skate4life@gmx.de> | 2016-11-09 00:23:11 +0100 |
| commit | e101f7e8168fbbfccc9ae76559013a25cb768854 (patch) | |
| tree | 55f9b4739a623cf0116e9a40f79b78f64e8c2799 | |
| parent | a740e32240c1a49f5239722da777b6524bac5f67 (diff) | |
| download | kernel_samsung_espresso10-e101f7e8168fbbfccc9ae76559013a25cb768854.zip kernel_samsung_espresso10-e101f7e8168fbbfccc9ae76559013a25cb768854.tar.gz kernel_samsung_espresso10-e101f7e8168fbbfccc9ae76559013a25cb768854.tar.bz2 | |
ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
commit 0f886ca12765d20124bd06291c82951fd49a33be upstream.
create_fixed_stream_quirk() may cause a NULL-pointer dereference by
accessing the non-existing endpoint when a USB device with a malformed
USB descriptor is used.
This patch avoids it simply by adding a sanity check of bNumEndpoints
before the accesses.
Change-Id: I94025f3eec256347b50805b388940774e559dae2
Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=971125
Signed-off-by: Takashi Iwai <tiwai@suse.de>
[bwh: Backported to 3.2:
- There's no altsd variable
- Adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
| -rw-r--r-- | sound/usb/quirks.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c index 4a650ab..62b955b 100644 --- a/sound/usb/quirks.c +++ b/sound/usb/quirks.c @@ -164,6 +164,12 @@ static int create_fixed_stream_quirk(struct snd_usb_audio *chip, return -EINVAL; } alts = &iface->altsetting[fp->altset_idx]; + if (get_iface_desc(alts)->bNumEndpoints < 1) { + kfree(fp); + kfree(rate_table); + return -EINVAL; + } + fp->datainterval = snd_usb_parse_datainterval(chip, alts); fp->maxpacksize = le16_to_cpu(get_endpoint(alts, 0)->wMaxPacketSize); usb_set_interface(chip->dev, fp->iface, 0); |