Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-06 05:02:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6ab55ec0a9
linux-next/sound
History
Zheyu Ma 6ab55ec0a9 ALSA: control: Fix an out-of-bounds bug in get_ctl_id_hash() 
Since the user can control the arguments provided to the kernel by the
ioctl() system call, an out-of-bounds bug occurs when the 'id->name'
provided by the user does not end with '\0'.

The following log can reveal it:

[    10.002313] BUG: KASAN: stack-out-of-bounds in snd_ctl_find_id+0x36c/0x3a0
[    10.002895] Read of size 1 at addr ffff888109f5fe28 by task snd/439
[    10.004934] Call Trace:
[    10.007140]  snd_ctl_find_id+0x36c/0x3a0
[    10.007489]  snd_ctl_ioctl+0x6cf/0x10e0

Fix this by checking the bound of 'id->name' in the loop.

Fixes: c27e1efb61 ("ALSA: control: Use xarray for faster lookups")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Link: https://lore.kernel.org/r/20220824081654.3767739-1-zheyuma97@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-08-24 11:41:53 +02:00
..
ac97 ALSA: ac97: Replace sprintf() with sysfs_emit() 2022-08-02 16:03:41 +02:00
aoa ALSA: aoa: Replace sprintf() with sysfs_emit() 2022-08-02 16:03:42 +02:00
arm ASoC: pxa: ac97: use normal MMIO accessors 2022-05-07 22:55:49 +02:00
atmel
core ALSA: control: Fix an out-of-bounds bug in get_ctl_id_hash() 2022-08-24 11:41:53 +02:00
drivers ALSA: Add generic serial MIDI driver using serial bus API 2022-05-12 11:54:13 +02:00
firewire ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes 2022-04-25 08:03:49 +02:00
hda ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array 2022-08-24 07:59:10 +02:00
i2c ALSA: i2c: tea6330t: Remove redundant initialization of variable err 2021-06-12 09:32:14 +02:00
isa ALSA: wavefront: remove redundant assignment to pointer end 2022-07-04 14:29:27 +02:00
mips ALSA: mips: Use platform_get_irq() to get the interrupt 2022-02-28 16:59:01 +01:00
oss sound/oss/dmasound: fix 'dmasound_setup' defined but not used 2022-04-15 09:17:37 +02:00
parisc parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
pci ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU 2022-08-17 18:02:12 +02:00
pcmcia ALSA: vx: Manage vx_core object with devres 2021-07-19 16:17:09 +02:00
ppc powerpc/machdep: Move sys_ctrler_t definition into pmac_feature.h 2022-02-07 21:02:20 +11:00
sh
soc sound fixes for 6.0-rc2 2022-08-19 09:46:11 -07:00
sparc ALSA: sparc: no need to initialise statics to 0 2021-12-12 10:01:04 +01:00
spi sound:spi: remove reference to AVR32 in Atmel AT73C213 DAC driver 2022-08-03 11:11:26 +02:00
synth ALSA: synth: missing check for possible NULL after the call to kstrdup 2021-11-09 07:18:50 +01:00
usb ALSA: usb-audio: make read-only array marker static const 2022-08-10 11:53:27 +02:00
virtio virtio: wrap config->reset calls 2022-01-14 18:50:52 -05:00
x86 ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() 2022-06-17 10:46:38 +02:00
xen xen/sndfront: use xenbus_setup_ring() and xenbus_teardown_ring() 2022-05-19 14:22:08 +02:00
ac97_bus.c
Kconfig
last.c
Makefile
sound_core.c sound: core: Remove redundant variable and return the last statement 2022-02-28 17:57:14 +01:00