On Fri, 28 Nov 2025 05:06:31 +0100, Junrui Luo wrote:
The function detect_stream_formats() reads the stream_count value directly from a FireWire device without validating it. This can lead to out-of-bounds writes when a malicious device provides a stream_count value greater than MAX_STREAMS.
Fix by applying the same validation to both TX and RX stream counts in detect_stream_formats().
Reported-by: Yuhao Jiang danisjiang@gmail.com
Reported-by: Junrui Luo moonafterrain@outlook.com
Fixes: 58579c056c1c ("ALSA: dice: use extended protocol to detect available stream formats")
Cc: stable@vger.kernel.org
Signed-off-by: Junrui Luo moonafterrain@outlook.com
Applied now. Thanks.
Takashi
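
An added example, not part of the original mail and not the kernel's code: a user-space C model of the check the commit message describes, where a device-supplied stream count is bounded before it is used to index fixed-size tables. The reply layout, the table size of 5 and the names detect_stream_formats_model and store_entries are assumptions made for illustration; the model clamps the count, and rejecting the value with an error would be an equally valid policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_STREAMS 5      /* assumed table size for this model */
#define CANARY 0xC0FFEEu

struct dev_reply {         /* constructed layout: what the device sends back */
    uint8_t tx_count_be[4], rx_count_be[4];
    uint8_t tx_entries[16], rx_entries[16];
};

struct formats {           /* driver-side fixed tables */
    uint8_t tx_pcm_chs[MAX_STREAMS];
    uint8_t rx_pcm_chs[MAX_STREAMS];
    uint32_t canary;       /* stands in for whatever follows the tables */
};

/* Decode one big-endian quadlet as received from the bus. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Bound the device-supplied count before it is used as a loop limit. */
static unsigned int store_entries(uint8_t *table, const uint8_t *count_be,
                                  const uint8_t *entries, size_t entries_len)
{
    uint32_t n = be32(count_be);
    if (n > MAX_STREAMS)   /* the validation; dropping it overruns table[] */
        n = MAX_STREAMS;
    if (n > entries_len)   /* never read past the reply buffer either */
        n = (uint32_t)entries_len;
    for (uint32_t i = 0; i < n; i++)
        table[i] = entries[i];
    return n;
}

/* Same check for both directions. Returns (tx stored << 8) | rx stored. */
unsigned int detect_stream_formats_model(const struct dev_reply *r,
                                         struct formats *f)
{
    memset(f, 0, sizeof(*f));
    f->canary = CANARY;
    unsigned int tx = store_entries(f->tx_pcm_chs, r->tx_count_be,
                                    r->tx_entries, sizeof(r->tx_entries));
    unsigned int rx = store_entries(f->rx_pcm_chs, r->rx_count_be,
                                    r->rx_entries, sizeof(r->rx_entries));
    return (tx << 8) | rx;
}
```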