[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-8.2.7 52/53] hw/audio/virtio-snd: fix invalid param check
From: |
Michael Tokarev |
Subject: |
[Stable-8.2.7 52/53] hw/audio/virtio-snd: fix invalid param check |
Date: |
Fri, 6 Sep 2024 09:54:22 +0300 |
From: Volker RĂ¼melin <vr_qemu@t-online.de>
Commit 9b6083465f ("virtio-snd: check for invalid param shift
operands") tries to prevent invalid parameters specified by the
guest. However, the code is not correct.
Change the code so that the parameters format and rate, which are
a bit numbers, are compared with the bit size of the data type.
Fixes: 9b6083465f ("virtio-snd: check for invalid param shift operands")
Signed-off-by: Volker RĂ¼melin <vr_qemu@t-online.de>
Message-Id: <20240802071805.7123-1-vr_qemu@t-online.de>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 7d14471a121878602cb4e748c4707f9ab9a9e3e2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c
index f0e7349c8a..63394cf5b0 100644
--- a/hw/audio/virtio-snd.c
+++ b/hw/audio/virtio-snd.c
@@ -282,12 +282,12 @@ uint32_t virtio_snd_set_pcm_params(VirtIOSound *s,
error_report("Number of channels is not supported.");
return cpu_to_le32(VIRTIO_SND_S_NOT_SUPP);
}
- if (BIT(params->format) > sizeof(supported_formats) ||
+ if (params->format >= sizeof(supported_formats) * BITS_PER_BYTE ||
!(supported_formats & BIT(params->format))) {
error_report("Stream format is not supported.");
return cpu_to_le32(VIRTIO_SND_S_NOT_SUPP);
}
- if (BIT(params->rate) > sizeof(supported_rates) ||
+ if (params->rate >= sizeof(supported_rates) * BITS_PER_BYTE ||
!(supported_rates & BIT(params->rate))) {
error_report("Stream rate is not supported.");
return cpu_to_le32(VIRTIO_SND_S_NOT_SUPP);
--
2.39.2
- [Stable-8.2.7 42/53] hw/core/ptimer: fix timer zero period condition for freq > 1GHz, (continued)
- [Stable-8.2.7 42/53] hw/core/ptimer: fix timer zero period condition for freq > 1GHz, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 41/53] nbd/server: CVE-2024-7409: Avoid use-after-free when closing server, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 46/53] module: Prevent crash by resetting local_err in module_load_qom_all(), Michael Tokarev, 2024/09/06
- [Stable-8.2.7 47/53] target/hexagon: don't look for static glib, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 45/53] target/arm: Clear high SVE elements in handle_vec_simd_wshli, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 48/53] target/sparc: Restrict STQF to sparcv9, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 49/53] crypto/tlscredspsk: Free username on finalize, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 53/53] target/hppa: Fix PSW V-bit packaging in cpu_hppa_get for hppa64, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 50/53] hw/nvme: fix leak of uninitialized memory in io_mgmt_recv, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 51/53] virtio-pci: Fix the use of an uninitialized irqfd, Michael Tokarev, 2024/09/06
- [Stable-8.2.7 52/53] hw/audio/virtio-snd: fix invalid param check,
Michael Tokarev <=