On Fri, 24 May 2019, Mauro Carvalho Chehab wrote:

> On Tue, 7 May 2019 12:39:47 -0400 (EDT)
> Alan Stern <[email protected]> wrote:
>
> > The syzkaller USB fuzzer found a general-protection-fault bug in the
> > smsusb part of the Siano DVB driver. The fault occurs during probe
> > because the driver assumes without checking that the device has both
> > IN and OUT endpoints and the IN endpoint is ep1.
> >
> > By slightly rearranging the driver's initialization code, we can make
> > the appropriate checks early on and thus avoid the problem. If the
> > expected endpoints aren't present, the new code safely returns -ENODEV
> > from the probe routine.
> >
> > Signed-off-by: Alan Stern <[email protected]>
> > Reported-and-tested-by: [email protected]
> > CC: <[email protected]>
>
> Patch looks correct, and I'm applying it. It exposes another potential
> problem though: what happens if sizeof(desc.wMaxPacketSize) < sizeof(struct
> sms_msg_hdr)?
>
> I'm enclosing a followup patch that should solve this situation
> (and clean up a sparse warning).
>
> Thanks,
> Mauro

Your points are well taken. However, Greg KH has already taken the
original patch and a fix for the sparse warning into his tree. I guess
the two of you should figure out how best to straighten this out.

Alan Stern
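
The checks discussed in this thread, as an added user-space example that is not the patch or any driver code: a probe-style routine refuses a device with -ENODEV unless it has both an IN and an OUT endpoint and the IN endpoint can carry a full message header. `struct ep_desc`, `struct ep_pair`, `pick_endpoints`, the sample descriptor arrays and the 8-byte `MSG_HDR_SIZE` are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EP_DIR_IN    0x80    /* bEndpointAddress bit 7: device-to-host */
#define EP_MAXP_MASK 0x07ff  /* wMaxPacketSize bits 0-10: payload bytes */
#define MSG_HDR_SIZE 8       /* assumed; stands in for sizeof(struct sms_msg_hdr) */

/* Constructed stand-in holding only the descriptor fields checked here. */
struct ep_desc { uint8_t bEndpointAddress; uint16_t wMaxPacketSize; };
struct ep_pair { uint8_t in_ep, out_ep; uint16_t in_size; };

/* Constructed sample devices: well-formed, missing OUT, undersized IN. */
static const struct ep_desc good[]    = { {0x81, 512}, {0x02, 512} };
static const struct ep_desc no_out[]  = { {0x81, 512} };
static const struct ep_desc tiny_in[] = { {0x81, 4}, {0x02, 64} };

/* Fill *out and return 0 only if an IN and an OUT endpoint exist and the IN
 * endpoint can carry a full message header; otherwise return -ENODEV. */
int pick_endpoints(const struct ep_desc *eps, size_t n, struct ep_pair *out)
{
    struct ep_pair p = {0};
    int have_in = 0, have_out = 0;

    for (size_t i = 0; i < n; i++) {
        if (eps[i].bEndpointAddress & EP_DIR_IN) {
            if (!have_in) {
                p.in_ep = eps[i].bEndpointAddress;
                p.in_size = eps[i].wMaxPacketSize & EP_MAXP_MASK;
                have_in = 1;
            }
        } else if (!have_out) {
            p.out_ep = eps[i].bEndpointAddress;
            have_out = 1;
        }
    }
    if (!have_in || !have_out || p.in_size < MSG_HDR_SIZE)
        return -ENODEV;   /* refuse the device before any buffer is set up */
    *out = p;             /* the caller's struct is written only on success */
    return 0;
}

int main(void)
{
    struct ep_pair p;
    printf("good=%d no_out=%d tiny_in=%d\n", pick_endpoints(good, 2, &p),
           pick_endpoints(no_out, 1, &p), pick_endpoints(tiny_in, 2, &p));
    return 0;
}
```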

