Re: [PATCH] ALSA: FCP: Fix NULL pointer dereference in interface lookup

Next message: Christoph Hellwig: "Re: [PATCH 8/8] lib/raid/xor: x86: Add AVX-512 optimized xor_gen()"
Previous message: Takashi Iwai: "Re: [PATCH v3] ALSA: hda/realtek: Enable internal speakers on Razer Blade 16 (2025)"
In reply to: Jiaming Zhang: "[PATCH] ALSA: FCP: Fix NULL pointer dereference in interface lookup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Takashi Iwai

Date: Fri Jun 26 2026 - 01:49:48 EST

On Thu, 25 Jun 2026 15:49:33 +0200,
Jiaming Zhang wrote:
>
> A malformed USB device can provide a vendor-specific interface without
> any endpoint descriptors. fcp_find_fc_interface() currently selects the
> first vendor-specific interface and reads endpoint 0 from it, without
> checking whether the interface actually has any endpoints.
>
> When bNumEndpoints is zero, no endpoint array is allocated for the parsed
> alternate setting, so get_endpoint(..., 0) yields an invalid endpoint
> descriptor pointer. Dereferencing it through usb_endpoint_num() then
> triggers a NULL pointer dereference.
>
> Skip vendor-specific interfaces that do not have any endpoints.
>
> Fixes: 46757a3e7d50 ("ALSA: FCP: Add Focusrite Control Protocol driver")
> Reported-by: Jiaming Zhang <r772577952@xxxxxxxxx>
> Closes: https://lore.kernel.org/lkml/CANypQFb1EHj0xX8bA1WxSOSK-5xca6ZNKzOQcp12=s=puY7VFw@xxxxxxxxxxxxxx/
> Signed-off-by: Jiaming Zhang <r772577952@xxxxxxxxx>

Applied now. Thanks.

Takashi