| commit | 60e543f5ce46d4a90a95963b3bab5c7d13a2aaa9 | |
| author | Qiang Liu <cyruscyliu@gmail.com> | |
| Thu, 24 Jun 2021 02:44:47 +0000 (24 10:44 +0800) | ||
| committer | Gerd Hoffmann <kraxel@redhat.com> | |
| Thu, 24 Jun 2021 09:42:54 +0000 (24 11:42 +0200) | ||
| tree | d3e068cf32f92f1eb802f7d0769489317ec1559e | treesnapshot (tar.gz zip) |
| parent | eb1a35e47aff9bda70d74874241e7966f800f4e3 | commitdiff |
hw/audio/sb16: Restrict I/O sampling rate range for command 41h/42h
The I/O sampling rate range is enforced to 5000 to 45000HZ according to
commit a2cd86a9. Setting I/O sampling rate with command 41h/42h, a guest
user can break this assumption and trigger an assertion in audio_calloc
via command 0xd4. This patch restricts the I/O sampling rate range for
command 41h/42h.
Fixes: 85571bc7415 ("audio merge (malc)")
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <1624502687-5214-1-git-send-email-cyruscyliu@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
The I/O sampling rate range is enforced to 5000 to 45000HZ according to
commit a2cd86a9. Setting I/O sampling rate with command 41h/42h, a guest
user can break this assumption and trigger an assertion in audio_calloc
via command 0xd4. This patch restricts the I/O sampling rate range for
command 41h/42h.
Fixes: 85571bc7415 ("audio merge (malc)")
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <1624502687-5214-1-git-send-email-cyruscyliu@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| hw/audio/sb16.c | diffblobblamehistory | |
| tests/qtest/fuzz-sb16-test.c | diffblobblamehistory |