Hello, I adapted the following patch from netbsd to prevent a division by zero in the uaudio driver.
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/usb/uaudio.c.diff?r1=1.142&r2=1.143&f=h I haven't encountered this problem with my own device but possibly it can be triggered by some device or by a usb fuzzer. - Michael Index: uaudio.c =================================================================== RCS file: /cvs/src/sys/dev/usb/uaudio.c,v retrieving revision 1.131 diff -u -p -u -r1.131 uaudio.c --- uaudio.c 30 Jul 2018 11:51:42 -0000 1.131 +++ uaudio.c 7 Aug 2018 09:51:47 -0000 @@ -1069,15 +1069,19 @@ uaudio_add_feature(struct uaudio_softc * const struct usb_audio_feature_unit *d = iot[id].d.fu; uByte *ctls = (uByte *)d->bmaControls; int ctlsize = d->bControlSize; - int nchan = (d->bLength - 7) / ctlsize; u_int fumask, mmask, cmask; struct mixerctl mix; - int chan, ctl, i, unit; + int chan, ctl, i, nchan, unit; const char *mixername; #define GET(i) (ctls[(i)*ctlsize] | \ (ctlsize > 1 ? ctls[(i)*ctlsize+1] << 8 : 0)) + if (ctlsize == 0) { + DPRINTF(("ignoring feature %d: bControlSize == 0\n", id)); + return; + } + nchan = (d->bLength - 7) / ctlsize; mmask = GET(0); /* Figure out what we can control */ for (cmask = 0, chan = 1; chan < nchan; chan++) {
