439009617e
When setting the parameters of a PCM stream, we compute the bit flag
with the format and rate values as shift operand to check if they are
set in supported_formats and supported_rates.
If the guest provides a format/rate value which when shifting 1 results
in a value bigger than the number of bits in
supported_formats/supported_rates, we must report an error.
Previously, this ended up triggering the not reached assertions later
when converting to internal QEMU values.
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2416
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <virtio-snd-fuzz-2416-fix-v1-manos.pitsidianakis@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit
|
||
---|---|---|
.. | ||
ac97.c | ||
ac97.h | ||
adlib.c | ||
asc.c | ||
cs4231.c | ||
cs4231a.c | ||
es1370.c | ||
fmopl.c | ||
fmopl.h | ||
gus.c | ||
gusemu_hal.c | ||
gusemu_mixer.c | ||
gusemu.h | ||
gustate.h | ||
hda-codec-common.h | ||
hda-codec.c | ||
intel-hda-defs.h | ||
intel-hda.c | ||
intel-hda.h | ||
Kconfig | ||
lm4549.c | ||
lm4549.h | ||
marvell_88w8618.c | ||
meson.build | ||
pcspk.c | ||
pl041.c | ||
pl041.h | ||
pl041.hx | ||
sb16.c | ||
soundhw.c | ||
trace-events | ||
trace.h | ||
via-ac97.c | ||
virtio-snd-pci.c | ||
virtio-snd.c | ||
wm8750.c |