[PATCH] ALSA: usb-audio: ensure that cluster header size is enough

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I think we need a check to make sure that "hc_header.wLength" is large
enough for a struct struct uac3_cluster_header_descriptor.

Fixes: 9a2fe9b801f5 ("ALSA: usb: initial USB Audio Device Class 3.0 support")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

diff --git a/sound/usb/stream.c b/sound/usb/stream.c
index 67cf849aa16b..f7179ce39a19 100644
--- a/sound/usb/stream.c
+++ b/sound/usb/stream.c
@@ -968,6 +968,12 @@ snd_usb_get_audioformat_uac3(struct snd_usb_audio *chip,
 	 * and request Cluster Descriptor
 	 */
 	wLength = le16_to_cpu(hc_header.wLength);
+	if (wLength < sizeof(*cluster)) {
+		dev_err(&dev->dev,
+			"%u:%d : cluster header size too small %d\n",
+			iface_no, altno, wLength);
+		return ERR_PTR(-EIO);
+	}
 	cluster = kzalloc(wLength, GFP_KERNEL);
 	if (!cluster)
 		return ERR_PTR(-ENOMEM);
[Index of Archives]     [Kernel Development]     [Kernel Announce]     [Kernel Newbies]     [Linux Networking Development]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Device Mapper]

  Powered by Linux