Re: [PATCH] Fix an OOB bug in uac_mixer_unit_bmControls

2019-08-17 Takashi Iwai
On Sat, 17 Aug 2019 18:47:05 +0200, Hui Peng wrote:
>
> No, there was not triggering. I found it accidentally when I was going through
> the code.
>
> Yeah, you are right. it is handled in the last check. Is it defined in the
> spec that the descriptor needs to have 4/6/2 additional bytes for the

Re: [PATCH] Fix an OOB bug in uac_mixer_unit_bmControls

2019-08-17 Takashi Iwai
On Sat, 17 Aug 2019 17:57:38 +0200, Hui Peng wrote:
>
> Looking around, there are other suspicious codes. E.g., in the following
> function, it seems to be the same as `uac_mixer_unit_bmControls`, but it is
> accessing `desc->bNrInPins + 5`, in case of UAC_VERSION_1.
> Is this intended?

Yes, this

Re: [PATCH] Fix an OOB bug in uac_mixer_unit_bmControls

2019-08-16 Takashi Iwai
On Sat, 17 Aug 2019 06:32:07 +0200, Hui Peng wrote:
>
> `uac_mixer_unit_get_channels` calls `uac_mixer_unit_bmControls`
> to get pointer to bmControls field. The current implementation of
> `uac_mixer_unit_get_channels` does properly check the size of
> uac_mixer_unit_descriptor descriptor and may