]> www.infradead.org Git - users/dwmw2/qemu.git/commit
projects / users / dwmw2 / qemu.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: d29b7f3) | patch
hw/audio/virtio-sound: fix heap buffer overflow
authorVolker RĂ¼melin <vr_qemu@t-online.de>
Sun, 1 Sep 2024 13:01:12 +0000 (15:01 +0200)
committerMichael S. Tsirkin <mst@redhat.com>
Wed, 11 Sep 2024 13:46:14 +0000 (09:46 -0400)
commit7fc6611cad3e9627b23ce83e550b668abba6c886
tree8eeedc8e703aa3571877cbe99b959ccc1c3575e0tree
parentd29b7f3dd4f95da7173b3f0fb58a7d4dbb093f92commit | diff
hw/audio/virtio-sound: fix heap buffer overflow

Currently, the guest may write to the device configuration space,
whereas the virtio sound device specification in chapter 5.14.4
clearly states that the fields in the device configuration space
are driver-read-only.

Remove the set_config function from the virtio_snd class.

This also prevents a heap buffer overflow. See QEMU issue #2296.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2296
Signed-off-by: Volker RĂ¼melin <vr_qemu@t-online.de>
Message-Id: <20240901130112.8242-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
hw/audio/trace-events diff | blob | history
hw/audio/virtio-snd.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.