Re: [PATCH] ALSA: dice: fix buffer overflow in detect_stream_formats()

Next message: Krzysztof Kozlowski: "Re: [PATCH 3/3] arm64: dts: qcom: qcs8300: Add clocks for QoS configuration"
Previous message: Krzysztof Kozlowski: "Re: [PATCH 1/3] dt-bindings: interconnect: add clocks property to enable QoS on qcs8300"
In reply to: Junrui Luo: "[PATCH] ALSA: dice: fix buffer overflow in detect_stream_formats()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Takashi Iwai

Date: Sat Nov 29 2025 - 04:34:07 EST

On Fri, 28 Nov 2025 05:06:31 +0100,
Junrui Luo wrote:
>
> The function detect_stream_formats() reads the stream_count value directly
> from a FireWire device without validating it. This can lead to
> out-of-bounds writes when a malicious device provides a stream_count value
> greater than MAX_STREAMS.
>
> Fix by applying the same validation to both TX and RX stream counts in
> detect_stream_formats().
>
> Reported-by: Yuhao Jiang <danisjiang@xxxxxxxxx>
> Reported-by: Junrui Luo <moonafterrain@xxxxxxxxxxx>
> Fixes: 58579c056c1c ("ALSA: dice: use extended protocol to detect available stream formats")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Junrui Luo <moonafterrain@xxxxxxxxxxx>

Applied now. Thanks.

Takashi