ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces

The Scarlett2 mixer quirk in USB-audio driver may hit a NULL dereference when a malformed USB descriptor is passed, since it assumes the presence of an endpoint in the parsed interface in scarlett2_find_fc_interface(), as reported by fuzzer. For avoiding the NULL dereference, just add the sanity check of bNumEndpoints and skip the invalid interface. Reported-by: syzbot+8f29539ef9a1c8334f42@syzkaller.appspotmail.com Closes: https://lore.kernel.org/69acbbe1.050a0220.310d8.0001.GAE@google.com Reported-by: syzbot+ae893a8901067fde2741@syzkaller.appspotmail.com Closes: https://lore.kernel.org/69acf72a.050a0220.310d8.0004.GAE@google.com Cc: <stable@vger.kernel.org> Link: https://patch.msgid.link/20260309104632.141895-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai@suse.de>
author: Takashi Iwai <tiwai@suse.de> 2026-03-09 11:46:27 +0100
committer: Takashi Iwai <tiwai@suse.de> 2026-03-10 09:33:57 +0100
commit: df1d8abf36ca3681c21a6809eaa9a1e01ef897a6 (patch)
tree: fac0fdc8412cacdb4d548491a36409ac1e43ec1b /sound
parent: 542127f6528ca7cc3cf61e1651d6ccb58495f953 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/sound/usb/mixer_scarlett2.c b/sound/usb/mixer_scarlett2.c
index ef3150581eab..fd1fb668929a 100644
--- a/sound/usb/mixer_scarlett2.c
+++ b/sound/usb/mixer_scarlett2.c
@@ -8251,6 +8251,8 @@ static int scarlett2_find_fc_interface(struct usb_device *dev,
 
 		if (desc->bInterfaceClass != 255)
 			continue;
+		if (desc->bNumEndpoints < 1)
+			continue;
 
 		epd = get_endpoint(intf->altsetting, 0);
 		private->bInterfaceNumber = desc->bInterfaceNumber;
author	Takashi Iwai <tiwai@suse.de>	2026-03-09 11:46:27 +0100
committer	Takashi Iwai <tiwai@suse.de>	2026-03-10 09:33:57 +0100
commit	df1d8abf36ca3681c21a6809eaa9a1e01ef897a6 (patch)
tree	fac0fdc8412cacdb4d548491a36409ac1e43ec1b /sound
parent	542127f6528ca7cc3cf61e1651d6ccb58495f953 (diff)