[Linux-stable-mirror] Patch "ALSA: usb-audio: Fix potential zero-division at parsing FU" has been added to the 3.18-stable tree
This is a note to let you know that I've just added the patch titled
ALSA: usb-audio: Fix potential zero-division at parsing FU
to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: alsa-usb-audio-fix-potential-zero-division-at-parsing-fu.patch and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From 8428a8ebde2db1e988e41a58497a28beb7ce1705 Mon Sep 17 00:00:00 2001
From: Takashi Iwai tiwai@suse.de Date: Tue, 21 Nov 2017 17:07:43 +0100 Subject: ALSA: usb-audio: Fix potential zero-division at parsing FU
From: Takashi Iwai tiwai@suse.de
commit 8428a8ebde2db1e988e41a58497a28beb7ce1705 upstream.
parse_audio_feature_unit() contains a code dividing potentially with zero when a malformed FU descriptor is passed. Although there is already a sanity check, it checks only the value zero, hence it can still lead to a zero-division when a value 1 is passed there.
Fix it by correcting the sanity check (and the error message thereof).
Fixes: 23caaf19b11e ("ALSA: usb-mixer: Add support for Audio Class v2.0") Signed-off-by: Takashi Iwai tiwai@suse.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- sound/usb/mixer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/sound/usb/mixer.c +++ b/sound/usb/mixer.c @@ -1380,9 +1380,9 @@ static int parse_audio_feature_unit(stru return -EINVAL; } csize = hdr->bControlSize; - if (!csize) { + if (csize <= 1) { usb_audio_dbg(state->chip, - "unit %u: invalid bControlSize == 0\n", + "unit %u: invalid bControlSize <= 1\n", unitid); return -EINVAL; }
Patches currently in stable-queue which might be from tiwai@suse.de are
queue-3.18/alsa-usb-audio-fix-potential-zero-division-at-parsing-fu.patch queue-3.18/alsa-timer-remove-kernel-warning-at-compat-ioctl-error-paths.patch queue-3.18/alsa-hda-add-raven-pci-id.patch queue-3.18/alsa-usb-audio-add-sanity-checks-in-v2-clock-parsers.patch queue-3.18/alsa-usb-audio-fix-potential-out-of-bound-access-at-parsing-su.patch queue-3.18/alsa-usb-audio-add-sanity-checks-to-fe-parser.patch
On Mon, 27 Nov 2017 16:57:37 +0100, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
ALSA: usb-audio: Fix potential zero-division at parsing FUto the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: alsa-usb-audio-fix-potential-zero-division-at-parsing-fu.patch and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
Please drop this commit. This turned out to be buggy and bogus. It'll be reverted soon later.
thanks,
Takashi
On Mon, Nov 27, 2017 at 04:59:51PM +0100, Takashi Iwai wrote:
On Mon, 27 Nov 2017 16:57:37 +0100, gregkh@linuxfoundation.org wrote:
This is a note to let you know that I've just added the patch titled
ALSA: usb-audio: Fix potential zero-division at parsing FUto the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: alsa-usb-audio-fix-potential-zero-division-at-parsing-fu.patch and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
Please drop this commit. This turned out to be buggy and bogus. It'll be reverted soon later.
Ok, will go drop it now from all of the stable trees, thanks for letting me know.
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
gregkh@linuxfoundation.org
-
Takashi Iwai