TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5e8c311318
twx-linux/include
History
Takashi Iwai ce4f77bef2 ALSA: ump: Fix buffer overflow at UMP SysEx message conversion 
[ Upstream commit 56f1f30e6795b890463d9b20b11e576adf5a2f77 ]

The conversion function from MIDI 1.0 to UMP packet contains an
internal buffer to keep the incoming MIDI bytes, and its size is 4, as
it was supposed to be the max size for a MIDI1 UMP packet data.
However, the implementation overlooked that SysEx is handled in a
different format, and it can be up to 6 bytes, as found in
do_convert_to_ump().  It leads eventually to a buffer overflow, and
may corrupt the memory when a longer SysEx message is received.

The fix is simply to extend the buffer size to 6 to fit with the SysEx
UMP message.

Fixes: 0b5288f5fe63 ("ALSA: ump: Add legacy raw MIDI support")
Reported-by: Argusee <vr@darknavy.com>
Link: https://patch.msgid.link/20250429124845.25128-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-09 09:44:00 +02:00
..
acpi LoongArch: Fix warnings during S3 suspend 2025-02-08 09:52:27 +01:00
asm-generic mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() 2025-03-13 12:58:38 +01:00
clocksource x86/hyperv: Fix hv tsc page based sched_clock for hibernation 2025-01-10 14:31:36 +01:00
crypto crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes 2025-01-09 13:31:52 +01:00
drm drm/tests: helpers: Create kunit helper to destroy a drm_display_mode 2025-04-25 10:45:08 +02:00
dt-bindings dt-bindings: clock: sunxi: Export PLL_VIDEO_2X and PLL_MIPI 2025-02-08 09:51:55 +01:00
keys
kunit
kvm
linux pds_core: check health in devcmd wait 2025-05-09 09:43:58 +02:00
math-emu
media media: subdev: Add v4l2_subdev_is_streaming() 2025-05-02 07:50:37 +02:00
memory
misc
net net: Rename mono_delivery_time to tstamp_type for scalabilty 2025-05-09 09:43:57 +02:00
pcmcia
ras
rdma RDMA/core: Don't expose hw_counters outside of init net namespace 2025-04-10 14:37:30 +02:00
rv rv: Reset per-task monitors also for idle tasks 2025-02-17 09:40:32 +01:00
scsi scsi: Remove scsi device no_start_on_resume flag 2024-10-17 15:24:11 +02:00
soc net: mscc: ocelot: treat 802.1ad tagged traffic as 802.1Q-untagged 2025-05-09 09:43:58 +02:00
sound ALSA: ump: Fix buffer overflow at UMP SysEx message conversion 2025-05-09 09:44:00 +02:00
target
trace tracing: Add __print_dynamic_array() helper 2025-05-02 07:50:37 +02:00
uapi landlock: Add the errata interface 2025-04-25 10:45:57 +02:00
ufs scsi: ufs: core: Add UFS RTC support 2025-03-07 16:45:35 +01:00
vdso
video
xen xen/mcelog: Add __nonstring annotations for unterminated strings 2025-04-25 10:45:11 +02:00