ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0

A malicious USB device with the TASCAM US-144MKII device id can have a
configuration containing bInterfaceNumber=1 but no interface 0.  USB
configuration descriptors are not required to assign interface numbers
sequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will
then be dereferenced directly.

Fix this up by checking the return value properly.

Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Takashi Iwai <tiwai@suse.com>
Fixes: dee1bcf28a3d ("ALSA: usb-audio: Add initial driver for TASCAM US-144MKII")
Cc: stable <stable@kernel.org>
Assisted-by: gregkh_clanker_t1000
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://patch.msgid.link/2026040955-fall-gaining-e338@gregkh
Signed-off-by: Takashi Iwai <tiwai@suse.de>

diff --git a/sound/usb/usx2y/us144mkii.c b/sound/usb/usx2y/us144mkii.c
index 0cf4fa74e210ac193bc5662b8d9837eeba58e996..94553b61013c5214c0481a75f7f162d8cad382b6 100644 (file)
--- a/sound/usb/usx2y/us144mkii.c
+++ b/sound/usb/usx2y/us144mkii.c
@@ -420,7 +420,11 @@ static int tascam_probe(struct usb_interface *intf,
 
        /* The device has two interfaces; we drive both from this driver. */
        if (intf->cur_altsetting->desc.bInterfaceNumber == 1) {
-               tascam = usb_get_intfdata(usb_ifnum_to_if(dev, 0));
+               struct usb_interface *intf_zero = usb_ifnum_to_if(dev, 0);
+
+               if (!intf_zero)
+                       return -ENODEV;
+               tascam = usb_get_intfdata(intf_zero);
                if (tascam) {
                        usb_set_intfdata(intf, tascam);
                        tascam->iface1 = intf;