mirror of
https://github.com/Motorhead1991/qemu.git
synced 2025-12-19 14:08:39 -07:00
439009617e
When setting the parameters of a PCM stream, we compute the bit flag
with the format and rate values as shift operand to check if they are
set in supported_formats and supported_rates.
If the guest provides a format/rate value which when shifting 1 results
in a value bigger than the number of bits in
supported_formats/supported_rates, we must report an error.
Previously, this ended up triggering the not reached assertions later
when converting to internal QEMU values.
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2416
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <virtio-snd-fuzz-2416-fix-v1-manos.pitsidianakis@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| ac97.c | ||
| ac97.h | ||
| adlib.c | ||
| asc.c | ||
| cs4231.c | ||
| cs4231a.c | ||
| es1370.c | ||
| fmopl.c | ||
| fmopl.h | ||
| gus.c | ||
| gusemu.h | ||
| gusemu_hal.c | ||
| gusemu_mixer.c | ||
| gustate.h | ||
| hda-codec-common.h | ||
| hda-codec.c | ||
| intel-hda-defs.h | ||
| intel-hda.c | ||
| intel-hda.h | ||
| Kconfig | ||
| lm4549.c | ||
| lm4549.h | ||
| marvell_88w8618.c | ||
| meson.build | ||
| pcspk.c | ||
| pl041.c | ||
| pl041.h | ||
| pl041.hx | ||
| sb16.c | ||
| soundhw.c | ||
| trace-events | ||
| trace.h | ||
| via-ac97.c | ||
| virtio-snd-pci.c | ||
| virtio-snd.c | ||
| wm8750.c | ||