Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp985954imu; Fri, 11 Jan 2019 12:44:53 -0800 (PST) X-Google-Smtp-Source: ALg8bN6ob5htNy1YvlYweTn4UZwxTl1M6TCT8gwkoTTuXH9B+CLVMr4Y15W+QZixl7VQekGsQMq/ X-Received: by 2002:a63:4b25:: with SMTP id y37mr12870292pga.181.1547239493549; Fri, 11 Jan 2019 12:44:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547239493; cv=none; d=google.com; s=arc-20160816; b=0Jj8qPrlSH8vnAtYAPo4hxTSldKFtRUCYoJp0jFMx0UfKHMb7dJZEU2fzVrUA1Xn7N pb4RKdJDx8v5rUwPWstZ3TUM4PI6bz41O+pq2z7YS5udT32B+KrD2q0JgqoOWmeyYYqO BzkuFvZZUR+SGpBIzquaDEKEs3W1f4S4gMqHACigixC/34kK4c5c7XAPXUuP7qF+HYZO ZRL2+yJI9gBqHlubOfyT7ZeEejJXGBaHCX6Xi6Y1woVrQRu0cS6jgeOw4IoOakAWGmwX I4AUw+3A9tmO/s7gnkj2hqcynYM4Imqt8SIywum/oDZx9/l0EyreAIrlOoA/+/rmwz96 Nasw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=tI8y0dSz6MU2X/vhARftWlJumorr4/Y2v7kaHQJD8ng=; b=rCxKbK0fqdNdFmLcN5jkmdueBocHTGuHH+oqmWw8mjwB7g8Hi+ifNR2EjbSaAdTsLV GQI3H5Ijx5DxPCtBSHvt6QsgfbAau9O+92Tn6g5mXcBFdcQPNsAYkbxDD69NOZoypUR6 MRX3QA/VJIGyHwK/+OnxYl4WhzPo2Zgio52/+fYvwy1zXwSyWWBVVPwDZFKDaGp0XnWs 0Z+uxoM+ksuHEgUEdOl2fB7zX3OUGVZt8nEhKbETMboKUvtFLc0ygi0mqRcxX5fSK0// LptIUkiKc6832Y3z6GZn4rIukENSMLzaXkegriJ2wJ7LopTpsdlA1pi/LoHCPkN6pz4v W59Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Vc9ALAtg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 68si15745740pgh.320.2019.01.11.12.44.38; Fri, 11 Jan 2019 12:44:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Vc9ALAtg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404132AbfAKOmR (ORCPT + 99 others); Fri, 11 Jan 2019 09:42:17 -0500 Received: from mail.kernel.org ([198.145.29.99]:35004 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403849AbfAKOmO (ORCPT ); Fri, 11 Jan 2019 09:42:14 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 319AE2063F; Fri, 11 Jan 2019 14:42:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1547217733; bh=hIyh7yJBlo1giRYT7MV36POdXSixKf/3ALszA812lPM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Vc9ALAtgVtSd6sEygvtIxUy9acjhDahrWVHnpSTrwh7kFlZcCwrIx0t3BRRv3z7Tt 3JkKouWVNOZuCHOJia485woZWSPbeZn8NeM3RWJJKMWLoVbMtS9l2ZJAJPRtcnpP9s /iCYr+SqWQEXHe5o4xVNo48WgnPkh3k+8B70/SuQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hui Peng , Takashi Iwai Subject: [PATCH 4.20 21/65] ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks Date: Fri, 11 Jan 2019 15:15:07 +0100 Message-Id: <20190111131059.341067829@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190111131055.331350141@linuxfoundation.org> References: <20190111131055.331350141@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.20-stable review patch. If anyone has any objections, please let me know. ------------------ From: Hui Peng commit cbb2ebf70daf7f7d97d3811a2ff8e39655b8c184 upstream. In `create_composite_quirk`, the terminating condition of for loops is `quirk->ifnum < 0`. So any composite quirks should end with `struct snd_usb_audio_quirk` object with ifnum < 0. for (quirk = quirk_comp->data; quirk->ifnum >= 0; ++quirk) { ..... } the data field of Bower's & Wilkins PX headphones usb device device quirks do not end with {.ifnum = -1}, wihch may result in out-of-bound read. This Patch fix the bug by adding an ending quirk object. Fixes: 240a8af929c7 ("ALSA: usb-audio: Add a quirck for B&W PX headphones") Signed-off-by: Hui Peng Cc: Signed-off-by: Takashi Iwai Signed-off-by: Greg Kroah-Hartman --- sound/usb/quirks-table.h | 6 ++++++ 1 file changed, 6 insertions(+) --- a/sound/usb/quirks-table.h +++ b/sound/usb/quirks-table.h @@ -3326,6 +3326,9 @@ AU0828_DEVICE(0x2040, 0x7270, "Hauppauge } } }, + { + .ifnum = -1 + }, } } }, @@ -3369,6 +3372,9 @@ AU0828_DEVICE(0x2040, 0x7270, "Hauppauge } } }, + { + .ifnum = -1 + }, } } },