Re: [PATCH] ossaudio: fix out of bounds write

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] ossaudio: fix out of bounds write

From:	Gerd Hoffmann
Subject:	Re: [PATCH] ossaudio: fix out of bounds write
Date:	Thu, 9 Jul 2020 14:55:58 +0200

> > diff --git a/audio/ossaudio.c b/audio/ossaudio.c
> > index f88d076ec2..a7dcaa31ad 100644
> > --- a/audio/ossaudio.c
> > +++ b/audio/ossaudio.c
> > @@ -691,6 +691,7 @@ static size_t oss_read(HWVoiceIn *hw, void *buf, size_t 
> > len)
> >                             len, dst);
> >                  break;
> >              }
> > +            break;
> >          }
> >  
> >          pos += nread;
> 
> ... now pos += -1, then the size returned misses the last byte.

No, it doesn't.  break leaves the while loop, not the if condition.
>From patch context it isn't obvious though, you need to look at the
source code ...

Patch queued.

thanks,
  Gerd

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] ossaudio: fix out of bounds write, Volker Rümelin, 2020/07/07
- Re: [PATCH] ossaudio: fix out of bounds write, Philippe Mathieu-Daudé, 2020/07/08
  - Re: [PATCH] ossaudio: fix out of bounds write, Volker Rümelin, 2020/07/08
  - Re: [PATCH] ossaudio: fix out of bounds write, BALATON Zoltan, 2020/07/08
  - Re: [PATCH] ossaudio: fix out of bounds write, Gerd Hoffmann <=

Prev by Date: Re: [PATCH v5 08/20] microvm/acpi: add minimal acpi support
Next by Date: Re: [PULL 00/41] testing updates (vm, gitlab, misc build fixes)
Previous by thread: Re: [PATCH] ossaudio: fix out of bounds write
Next by thread: [PULL 00/32] AVR port
Index(es):
- Date
- Thread