qemu/hw/audio
Manos Pitsidianakis 9b6083465f virtio-snd: check for invalid param shift operands
When setting the parameters of a PCM stream, we compute the bit flag
with the format and rate values as shift operand to check if they are
set in supported_formats and supported_rates.

If the guest provides a format/rate value which when shifting 1 results
in a value bigger than the number of bits in
supported_formats/supported_rates, we must report an error.

Previously, this ended up triggering the not reached assertions later
when converting to internal QEMU values.

Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2416
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <virtio-snd-fuzz-2416-fix-v1-manos.pitsidianakis@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 14:43:02 -04:00
ac97.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
ac97.h hw/audio/ac97: Split off some definitions to a header 2023-02-27 22:29:02 +01:00
adlib.c audio: propagate Error * out of audio_init 2023-10-03 10:29:40 +02:00
asc.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
cs4231.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
cs4231a.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
es1370.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
fmopl.c audio: spelling fixes 2023-09-08 13:08:52 +03:00
fmopl.h audio: spelling fixes 2023-09-08 13:08:52 +03:00
gus.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
gusemu_hal.c audio: spelling fixes 2023-09-08 13:08:52 +03:00
gusemu_mixer.c hw/audio/gus: Fix registers 32-bit access 2020-06-19 11:20:09 +02:00
gusemu.h audio: GUSsample is int16_t 2017-05-04 09:16:05 +02:00
gustate.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
hda-codec-common.h hda-codec: make mixemu selectable at runtime 2013-09-24 10:29:34 +02:00
hda-codec.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
intel-hda-defs.h audio: spelling fixes 2023-09-08 13:08:52 +03:00
intel-hda.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
intel-hda.h hw/audio: Simplify hda audio init 2023-09-22 16:30:07 +02:00
Kconfig Add virtio-sound device stub 2023-11-07 03:39:10 -05:00
lm4549.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
lm4549.h hw/audio/lm4549: Add errp error reporting to init function 2023-09-22 16:30:07 +02:00
marvell_88w8618.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
meson.build Add virtio-sound-pci device 2023-11-07 03:39:10 -05:00
pcspk.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
pl041.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
pl041.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
pl041.hx hw: move target-independent files to subdirectories 2013-04-08 18:13:12 +02:00
sb16.c hw/audio/sb16: Do not migrate qdev properties 2024-01-05 16:20:15 +01:00
soundhw.c hw/audio/soundhw: Clean up global variable shadowing 2023-10-06 13:16:57 +02:00
trace-events virtio-sound: implement audio capture (RX) 2023-11-07 03:39:10 -05:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
via-ac97.c hw/audio/via-ac97: Route interrupts using via_isa_set_irq() 2023-11-28 14:26:37 +01:00
virtio-snd-pci.c hw/audio/virtio-snd-pci: fix the PCI class code 2023-12-02 15:56:49 -05:00
virtio-snd.c virtio-snd: check for invalid param shift operands 2024-07-21 14:43:02 -04:00
wm8750.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00