qemu/hw
Volker Rümelin 7fc6611cad hw/audio/virtio-sound: fix heap buffer overflow
Currently, the guest may write to the device configuration space,
whereas the virtio sound device specification in chapter 5.14.4
clearly states that the fields in the device configuration space
are driver-read-only.

Remove the set_config function from the virtio_snd class.

This also prevents a heap buffer overflow. See QEMU issue #2296.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2296
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240901130112.8242-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-09-11 09:46:14 -04:00
..
9pfs hw/xen: Make XenDevOps structures const 2024-06-04 11:53:43 +02:00
acpi hw/acpi: Update CPUs AML with cpu-(ctrl)dev change 2024-07-22 20:15:41 -04:00
adc aspeed/adc: Add AST2700 support 2024-07-21 07:46:38 +02:00
alpha alpha: switch boards to "default y" 2024-05-03 15:47:47 +02:00
arm target-arm queue: 2024-09-06 13:59:37 +01:00
audio hw/audio/virtio-sound: fix heap buffer overflow 2024-09-11 09:46:14 -04:00
avr avr: switch boards to "default y" 2024-05-03 15:47:47 +02:00
block hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something 2024-08-06 10:22:52 +02:00
char hw/char/bcm2835_aux: Fix assert when receive FIFO fills up 2024-07-29 13:34:18 +01:00
core hw: Move declaration of IRQState to header and add init function 2024-09-11 07:20:30 -04:00
cpu hw: Add a Kconfig switch for the TYPE_CPU_CLUSTER device 2024-04-25 12:48:12 +02:00
cris cris: switch boards to "default y" 2024-05-03 15:47:47 +02:00
cxl hw/cxl: fix physical address field in get scan media results output 2024-09-11 09:46:14 -04:00
display virtio: Allow .get_vhost() without vhost_started 2024-09-10 14:27:56 -04:00
dma hw/dma/xilinx_axidma: Use semicolon at end of statement, not comma 2024-08-20 00:38:48 +02:00
fsi hw/fsi: Aspeed APB2OPB & On-chip peripheral bus 2024-02-01 08:33:18 +01:00
gpio hw/gpio/aspeed: Add reg_table_count to AspeedGPIOClass 2024-07-02 07:52:43 +02:00
hppa hw/hppa/machine: Replace g_memdup() by g_memdup2() 2024-05-08 19:42:45 +02:00
hyperv kvm: move target-dependent interrupt routing out of kvm-all.c 2024-05-03 15:47:48 +02:00
i2c hw/i2c/mpc_i2c: Fix mmio region size 2024-07-23 20:30:36 +02:00
i386 hw/i386/acpi-build: Return a pre-computed _PRT table 2024-09-11 09:46:14 -04:00
ide hw/ide/pci: Remove dead code from bmdma_prepare_buf() 2024-08-06 10:22:52 +02:00
input hw: arm: Remove use of tabs in some source files 2024-05-28 14:20:48 +01:00
intc hw/intc/loongson_ipi: Restrict to MIPS 2024-08-06 10:22:52 +02:00
ipack hw/ipack: Constify VMState 2023-12-29 11:17:30 +11:00
ipmi hw/ipmi: Constify VMState 2023-12-29 11:17:30 +11:00
isa hw/isa/vt82c686.c: Embed i8259 irq in device state instead of allocating 2024-09-11 07:20:30 -04:00
loongarch hw/loongarch: Fix length for lowram in ACPI SRAT 2024-08-21 11:01:09 +08:00
m68k hw/m68k/mcf5208: Add URLs for datasheets 2024-09-08 11:35:43 +02:00
mem hw/cxl/cxl-mailbox-utils: Add device DDR5 ECS control feature 2024-07-21 14:42:04 -04:00
microblaze microblaze: switch boards to "default y" 2024-05-03 15:47:47 +02:00
mips hw/mips/loongson3_virt: Fix condition of IPI IOCSR connection 2024-08-20 00:28:24 +02:00
misc hw/misc/xlnx-versal-trng: Call register_finalize_block 2024-09-05 13:12:36 +01:00
net vhost_net: configure all host notifiers in a single MR transaction 2024-09-11 09:46:14 -04:00
nubus hw/nubus/nubus-device: Range check 'slot' property 2024-09-08 11:49:49 +02:00
nvme hw/nvme: fix leak of uninitialized memory in io_mgmt_recv 2024-08-20 06:16:48 +02:00
nvram hm/nvram/xlnx-versal-efuse-ctrl: Call register_finalize_block 2024-09-05 13:12:37 +01:00
openrisc kconfig: express dependency of individual boards on libfdt 2024-05-10 15:45:15 +02:00
pci hw/pci/pci-hmp-cmds: Avoid displaying bogus size in 'info pci' 2024-09-11 09:46:04 -04:00
pci-bridge Misc HW patch queue 2024-04-25 09:43:29 -07:00
pci-host hw/pci-host/gt64120: Reset config registers during RESET phase 2024-08-06 16:24:14 +02:00
pcmcia hw/pcmcia/pxa2xx: Inline pxa2xx_pcmcia_init() 2023-10-27 12:48:57 +01:00
ppc hw: add compat machines for 9.2 2024-09-05 13:12:36 +01:00
remote hw/remote/message.c: Don't directly invoke DeviceClass:reset 2024-08-20 00:38:48 +02:00
riscv Revert "hw/riscv/virt.c: imsics DT: add '#msi-cells'" 2024-08-19 14:34:49 +10:00
rtc docs: Correct Loongarch -> LoongArch 2024-07-23 20:30:36 +02:00
rx kconfig: express dependency of individual boards on libfdt 2024-05-10 15:45:15 +02:00
s390x hw: add compat machines for 9.2 2024-09-05 13:12:36 +01:00
scsi scsi-disk: Always report RESERVATION_CONFLICT to guest 2024-08-06 20:12:39 +02:00
sd hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers 2024-08-06 10:22:52 +02:00
sensor hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
sh4 hw/sh4: Remove newline character in trace events 2024-06-10 13:05:27 -04:00
smbios smbios: make memory device size configurable per Machine 2024-07-22 20:15:41 -04:00
sparc sparc: switch boards to "default y" 2024-05-03 15:47:48 +02:00
sparc64 qemu-sparc queue 2024-05-06 10:19:56 -07:00
ssi hw/ppc: SPI controller wiring to P10 chip 2024-07-26 09:21:06 +10:00
timer hpet: avoid timer storms on periodic timers 2024-07-22 19:19:44 +02:00
tpm hw/tpm: Remove HOST_PAGE_ALIGN from tpm_ppi_init 2024-02-29 11:35:36 -10:00
tricore tricore: switch boards to "default y" 2024-05-03 15:47:48 +02:00
ufs hw/ufs: minor bug fixes related to ufs-test 2024-09-06 18:04:16 +09:00
usb hw/usb/u2f-passthru: Get rid of qemu_open_old() 2024-07-17 14:04:15 +03:00
vfio vfio queue: 2024-07-24 12:58:46 +10:00
virtio virtio-pci: Add lookup subregion of VirtIOPCIRegion MR 2024-09-11 09:46:14 -04:00
watchdog aspeed/wdt: Add AST2700 support 2024-06-16 21:08:54 +02:00
xen hw/xen: pvh-common: Add support for creating PCIe/GPEX 2024-09-04 16:50:43 +02:00
xenpv hw/xen: Register framebuffer backend via xen_backend_init() 2024-06-04 11:53:43 +02:00
xtensa hw/xtensa: require libfdt 2024-05-10 15:45:15 +02:00
Kconfig hw: Fix problem with the A*MPCORE switches in the Kconfig files 2024-04-25 12:48:12 +02:00
meson.build hw/rdma: Remove deprecated pvrdma device and rdmacm-mux helper 2024-04-24 16:03:38 +02:00