leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8866f405ef
linux/sound
History
Xi Wang 8866f405ef ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk() 
A malicious USB device could feed in a large nr_rates value.  This would
cause the subsequent call to kmemdup() to allocate a smaller buffer than
expected, leading to out-of-bounds access.

This patch validates the nr_rates value and reuses the limit introduced
in commit 4fa0e81b ("ALSA: usb-audio: fix possible hang and overflow
in parse_uac2_sample_rate_range()").

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2012-02-15 14:58:15 +01:00
..
aoa
arm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound 2012-01-12 08:00:30 -08:00
atmel Merge branch 'next' of git://git.infradead.org/users/vkoul/slave-dma 2012-01-17 18:40:24 -08:00
core Merge branch 'fix/asoc' into for-linus 2012-01-31 15:13:14 +01:00
drivers ALSA: module_param: make bool parameters really bool 2011-12-19 10:34:41 +01:00
firewire
i2c
isa ALSA: emu8000: Remove duplicate linux/moduleparam.h include from emu8000_patch.c 2012-02-06 10:22:54 +01:00
mips ALSA: Convert mips directory to module_platform_driver 2011-11-24 13:03:02 +01:00
oss Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound 2012-01-12 08:00:30 -08:00
parisc
pci ALSA: intel8x0: Fix default inaudible sound on Gateway M520 2012-02-14 09:33:47 +01:00
pcmcia ALSA: module_param: make bool parameters really bool 2011-12-19 10:34:41 +01:00
ppc Merge branch 'topic/misc' into for-linus 2012-01-12 09:59:14 +01:00
sh ALSA: module_param: make bool parameters really bool 2011-12-19 10:34:41 +01:00
soc ASoC: fsi: fixup fsi_pointer() calculation method 2012-02-09 10:50:53 +00:00
sparc ALSA: module_param: make bool parameters really bool 2011-12-19 10:34:41 +01:00
spi
synth
usb ALSA: usb-audio: avoid integer overflow in create_fixed_stream_quirk() 2012-02-15 14:58:15 +01:00
ac97_bus.c
Kconfig
last.c
Makefile
sound_core.c switch device_get_devnode() and ->devnode() to umode_t * 2012-01-03 22:54:55 -05:00
sound_firmware.c