Re: [PATCH] media: usb: siano: Fix general protection fault in smsusb

From: Johan Hovold
Date: Wed May 08 2019 - 02:02:09 EST

Next message: Gao Xiang: "Re: linux-next: manual merge of the staging tree with the block tree"
Previous message: Adrian Hunter: "Re: [PATCH 2/2] mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 07, 2019 at 12:39:47PM -0400, Alan Stern wrote:
> The syzkaller USB fuzzer found a general-protection-fault bug in the
> smsusb part of the Siano DVB driver. The fault occurs during probe
> because the driver assumes without checking that the device has both
> IN and OUT endpoints and the IN endpoint is ep1.
>
> By slightly rearranging the driver's initialization code, we can make
> the appropriate checks early on and thus avoid the problem. If the
> expected endpoints aren't present, the new code safely returns -ENODEV
> from the probe routine.
>
> Signed-off-by: Alan Stern <stern@xxxxxxxxxxxxxxxxxxx>
> Reported-and-tested-by: syzbot+53f029db71c19a47325a@xxxxxxxxxxxxxxxxxxxxxxxxx
> CC: <stable@xxxxxxxxxxxxxxx>

Reviewed-by: Johan Hovold <johan@xxxxxxxxxx>

Next message: Gao Xiang: "Re: linux-next: manual merge of the staging tree with the block tree"
Previous message: Adrian Hunter: "Re: [PATCH 2/2] mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]