diff options
| author | Jiaming Zhang <r772577952@gmail.com> | 2026-06-25 21:49:33 +0800 |
|---|---|---|
| committer | Takashi Iwai <tiwai@suse.de> | 2026-06-26 07:46:59 +0200 |
| commit | e1e31e0ec8a609e17fd2e86b77bc00d9cbb24d7c (patch) | |
| tree | 29a9b9af113b578b625a115338d76d2cf318e8f4 | |
| parent | 9dbbe81962b973fe71592ad8615d1e6cd28451bf (diff) | |
ALSA: FCP: Fix NULL pointer dereference in interface lookup
A malformed USB device can provide a vendor-specific interface without
any endpoint descriptors. fcp_find_fc_interface() currently selects the
first vendor-specific interface and reads endpoint 0 from it, without
checking whether the interface actually has any endpoints.
When bNumEndpoints is zero, no endpoint array is allocated for the parsed
alternate setting, so get_endpoint(..., 0) yields an invalid endpoint
descriptor pointer. Dereferencing it through usb_endpoint_num() then
triggers a NULL pointer dereference.
Skip vendor-specific interfaces that do not have any endpoints.
Fixes: 46757a3e7d50 ("ALSA: FCP: Add Focusrite Control Protocol driver")
Reported-by: Jiaming Zhang <r772577952@gmail.com>
Closes: https://lore.kernel.org/lkml/CANypQFb1EHj0xX8bA1WxSOSK-5xca6ZNKzOQcp12=s=puY7VFw@mail.gmail.com/
Signed-off-by: Jiaming Zhang <r772577952@gmail.com>
Link: https://patch.msgid.link/20260625134933.425785-1-r772577952@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
| -rw-r--r-- | sound/usb/fcp.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sound/usb/fcp.c b/sound/usb/fcp.c index ea746bdb36ff..6f5dcd35e1d4 100644 --- a/sound/usb/fcp.c +++ b/sound/usb/fcp.c @@ -1083,6 +1083,8 @@ static int fcp_find_fc_interface(struct usb_mixer_interface *mixer) if (desc->bInterfaceClass != 255) continue; + if (desc->bNumEndpoints < 1) + continue; epd = get_endpoint(intf->altsetting, 0); private->bInterfaceNumber = desc->bInterfaceNumber; |