Hi, as recently spotted by syzkaller, the parser codes in USB audio driver don't check the length of the descriptor unit before actually accessing the extra field, which may lead to out-of-bound access error. This patchset tries to address these by adding proper sanity checks. Takashi === Takashi Iwai (4): ALSA: usb-audio: Add sanity checks to FE parser ALSA: usb-audio: Fix potential out-of-bound access at parsing SU ALSA: usb-audio: Fix potential zero-division at parsing FU ALSA: usb-audio: Add sanity checks in v2 clock parsers sound/usb/clock.c | 9 ++++++--- sound/usb/mixer.c | 19 ++++++++++++++++--- 2 files changed, 22 insertions(+), 6 deletions(-) -- 2.15.0 _______________________________________________ Alsa-devel mailing list Alsa-devel@xxxxxxxxxxxxxxxx http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
