mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
7fc6611cad
qemu/hw/audio
History
Volker Rümelin 7fc6611cad hw/audio/virtio-sound: fix heap buffer overflow 
Currently, the guest may write to the device configuration space,
whereas the virtio sound device specification in chapter 5.14.4
clearly states that the fields in the device configuration space
are driver-read-only.

Remove the set_config function from the virtio_snd class.

This also prevents a heap buffer overflow. See QEMU issue #2296.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2296
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240901130112.8242-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-09-11 09:46:14 -04:00
..
ac97.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
ac97.h hw/audio/ac97: Split off some definitions to a header 2023-02-27 22:29:02 +01:00
adlib.c audio: propagate Error * out of audio_init 2023-10-03 10:29:40 +02:00
asc.c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
cs4231.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
cs4231a.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
es1370.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
fmopl.c audio: spelling fixes 2023-09-08 13:08:52 +03:00
fmopl.h audio: spelling fixes 2023-09-08 13:08:52 +03:00
gus.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
gusemu_hal.c audio: spelling fixes 2023-09-08 13:08:52 +03:00
gusemu_mixer.c hw/audio/gus: Fix registers 32-bit access 2020-06-19 11:20:09 +02:00
gusemu.h audio: GUSsample is int16_t 2017-05-04 09:16:05 +02:00
gustate.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
hda-codec-common.h hda-codec: make mixemu selectable at runtime 2013-09-24 10:29:34 +02:00
hda-codec.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
intel-hda-defs.h audio: spelling fixes 2023-09-08 13:08:52 +03:00
intel-hda.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
intel-hda.h hw/audio: Simplify hda audio init 2023-09-22 16:30:07 +02:00
Kconfig Add virtio-sound device stub 2023-11-07 03:39:10 -05:00
lm4549.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
lm4549.h hw/audio/lm4549: Add errp error reporting to init function 2023-09-22 16:30:07 +02:00
marvell_88w8618.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
meson.build Add virtio-sound-pci device 2023-11-07 03:39:10 -05:00
pcspk.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
pl041.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00
pl041.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
pl041.hx
sb16.c hw/audio/sb16: Do not migrate qdev properties 2024-01-05 16:20:15 +01:00
soundhw.c hw/audio/soundhw: Clean up global variable shadowing 2023-10-06 13:16:57 +02:00
trace-events hw/audio/virtio-sound: fix heap buffer overflow 2024-09-11 09:46:14 -04:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
via-ac97.c hw/audio/via-ac97: Route interrupts using via_isa_set_irq() 2023-11-28 14:26:37 +01:00
virtio-snd-pci.c hw/audio/virtio-snd-pci: fix the PCI class code 2023-12-02 15:56:49 -05:00
virtio-snd.c hw/audio/virtio-sound: fix heap buffer overflow 2024-09-11 09:46:14 -04:00
wm8750.c hw/audio: Constify VMState 2023-12-29 11:17:30 +11:00