ALSA: usb-audio: Add sanity checks to FE parser (d937cd67) · Commits · e / devices / android_kernel_teracube_mt6765

sound/usb/mixer.c

+12 −0

Original line number	Diff line number	Diff line
		@@ -1469,6 +1469,12 @@ static int parse_audio_feature_unit(struct mixer_build *state, int unitid,
		__u8 *bmaControls;

		if (state->mixer->protocol == UAC_VERSION_1) {
		if (hdr->bLength < 7) {
		usb_audio_err(state->chip,
		"unit %u: invalid UAC_FEATURE_UNIT descriptor\n",
		unitid);
		return -EINVAL;
		}
		csize = hdr->bControlSize;
		if (!csize) {
		usb_audio_dbg(state->chip,
		@@ -1486,6 +1492,12 @@ static int parse_audio_feature_unit(struct mixer_build *state, int unitid,
		}
		} else {
		struct uac2_feature_unit_descriptor *ftr = _ftr;
		if (hdr->bLength < 6) {
		usb_audio_err(state->chip,
		"unit %u: invalid UAC_FEATURE_UNIT descriptor\n",
		unitid);
		return -EINVAL;
		}
		csize = 4;
		channels = (hdr->bLength - 6) / 4 - 1;
		bmaControls = ftr->bmaControls;