CVE-2026-46088

In the Linux kernel, the following vulnerability has been resolved:

ALSA: control: Validate buf len before strnlen() in snd ctl elem init enum names()

snd ctl elem init enum names() advances pointer p through the names buffer while decrementing buf len. If buf len reaches zero but items remain, the next iteration calls strnlen(p, 0).

While strnlen(p, 0) returns 0 and would hit the existing name len == 0 error path, CONFIG FORTIFY SOURCE's fortified strnlen() first checks maxlen against builtin dynamic object size(). When Clang loses track of p's object size inside the loop, this triggers a BRK exception panic before the return value is examined.

Add a buf len == 0 guard at the loop entry to prevent calling fortified strnlen() on an exhausted buffer.

Found by kernel fuzz testing through Xiaomi Smartphone.