From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Bandan Das" <bsd@redhat.com>,
"Laurent Vivier" <lvivier@redhat.com>,
"Darren Kenny" <darren.kenny@oracle.com>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
libvir-list@redhat.com, "Qiuhao Li" <Qiuhao.Li@outlook.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Christian Schoenebeck" <qemu_oss@crudebyte.com>,
"Thomas Huth" <thuth@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Alexander Bulekov" <alxndr@bu.edu>,
"Daniel P. Berrangé" <berrange@redhat.com>
Subject: [PATCH 2/9] audio: remove special audio_calloc function
Date: Fri, 13 Jan 2023 11:21:53 -0500 [thread overview]
Message-ID: <20230113162200.3010804-3-berrange@redhat.com> (raw)
In-Reply-To: <20230113162200.3010804-1-berrange@redhat.com>
The audio_calloc function does various checks on the size and
nmembers parameters to detect various error conditions. There
are only 5 callers
* alsa_poll_helper: the pollfd count is small and bounded,
* audio_pcm_create_voice_pair_: allocating a single fixed
size struct
* audio_pcm_sw_alloc_resources_: samples could be negative
zero, or overflow, so needs a check
* audio_pcm_hw_add_new_: voice size could be zero for
backends that don't support audio input
* st_rate_start: allocating a single fixed size struct
IOW, only two of the callers need special error checks and
it is clearer if their respective checks are inlined. Thus
audio_calloc can be eliminated.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
audio/alsaaudio.c | 6 +-----
audio/audio.c | 20 --------------------
audio/audio_int.h | 1 -
audio/audio_template.h | 28 ++++++++++++++--------------
audio/mixeng.c | 7 +------
tests/qtest/fuzz-sb16-test.c | 6 ++++--
6 files changed, 20 insertions(+), 48 deletions(-)
diff --git a/audio/alsaaudio.c b/audio/alsaaudio.c
index 714bfb6453..5f50dfa0bf 100644
--- a/audio/alsaaudio.c
+++ b/audio/alsaaudio.c
@@ -222,11 +222,7 @@ static int alsa_poll_helper (snd_pcm_t *handle, struct pollhlp *hlp, int mask)
return -1;
}
- pfds = audio_calloc ("alsa_poll_helper", count, sizeof (*pfds));
- if (!pfds) {
- dolog ("Could not initialize poll mode\n");
- return -1;
- }
+ pfds = g_new0(struct pollfd, count);
err = snd_pcm_poll_descriptors (handle, pfds, count);
if (err < 0) {
diff --git a/audio/audio.c b/audio/audio.c
index 7b4b957945..f397072a1f 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -146,26 +146,6 @@ static inline int audio_bits_to_index (int bits)
}
}
-void *audio_calloc (const char *funcname, int nmemb, size_t size)
-{
- int cond;
- size_t len;
-
- len = nmemb * size;
- cond = !nmemb || !size;
- cond |= nmemb < 0;
- cond |= len < size;
-
- if (audio_bug ("audio_calloc", cond)) {
- AUD_log (NULL, "%s passed invalid arguments to audio_calloc\n",
- funcname);
- AUD_log (NULL, "nmemb=%d size=%zu (len=%zu)\n", nmemb, size, len);
- return NULL;
- }
-
- return g_malloc0 (len);
-}
-
void AUD_vlog (const char *cap, const char *fmt, va_list ap)
{
if (cap) {
diff --git a/audio/audio_int.h b/audio/audio_int.h
index e87ce014a0..b0cc2cd390 100644
--- a/audio/audio_int.h
+++ b/audio/audio_int.h
@@ -251,7 +251,6 @@ void audio_pcm_init_info (struct audio_pcm_info *info, struct audsettings *as);
void audio_pcm_info_clear_buf (struct audio_pcm_info *info, void *buf, int len);
int audio_bug (const char *funcname, int cond);
-void *audio_calloc (const char *funcname, int nmemb, size_t size);
void audio_run(AudioState *s, const char *msg);
diff --git a/audio/audio_template.h b/audio/audio_template.h
index 720a32e57e..564cbb1f01 100644
--- a/audio/audio_template.h
+++ b/audio/audio_template.h
@@ -116,13 +116,20 @@ static int glue (audio_pcm_sw_alloc_resources_, TYPE) (SW *sw)
samples = (int64_t)sw->HWBUF->size * sw->ratio >> 32;
#endif
- sw->buf = audio_calloc(__func__, samples, sizeof(struct st_sample));
- if (!sw->buf) {
- dolog ("Could not allocate buffer for `%s' (%d samples)\n",
+ if (audio_bug(__func__, samples <= 0)) {
+ dolog ("Could not allocate buffer for '%s', samples %d <= 0\n",
SW_NAME (sw), samples);
return -1;
}
+ if (audio_bug(__func__, (SIZE_MAX / sizeof(struct st_sample) < samples))) {
+ dolog ("Could not allocate buffer for '%s', samples %d overflows\n",
+ SW_NAME (sw), samples);
+ return -1;
+ }
+
+ sw->buf = g_new0(struct st_sample, samples);
+
#ifdef DAC
sw->rate = st_rate_start (sw->info.freq, sw->hw->info.freq);
#else
@@ -264,13 +271,12 @@ static HW *glue(audio_pcm_hw_add_new_, TYPE)(AudioState *s,
return NULL;
}
- hw = audio_calloc(__func__, 1, glue(drv->voice_size_, TYPE));
- if (!hw) {
- dolog ("Can not allocate voice `%s' size %d\n",
- drv->name, glue (drv->voice_size_, TYPE));
+ if (audio_bug(__func__, glue(drv->voice_size_, TYPE) == 0)) {
+ dolog ("Voice size is zero");
return NULL;
}
+ hw = g_malloc0(glue(drv->voice_size_, TYPE));
hw->s = s;
hw->pcm_ops = drv->pcm_ops;
@@ -398,12 +404,7 @@ static SW *glue(audio_pcm_create_voice_pair_, TYPE)(
hw_as = *as;
}
- sw = audio_calloc(__func__, 1, sizeof(*sw));
- if (!sw) {
- dolog ("Could not allocate soft voice `%s' (%zu bytes)\n",
- sw_name ? sw_name : "unknown", sizeof (*sw));
- goto err1;
- }
+ sw = g_new0(SW, 1);
sw->s = s;
hw = glue(audio_pcm_hw_add_, TYPE)(s, &hw_as);
@@ -424,7 +425,6 @@ err3:
glue (audio_pcm_hw_gc_, TYPE) (&hw);
err2:
g_free (sw);
-err1:
return NULL;
}
diff --git a/audio/mixeng.c b/audio/mixeng.c
index 100a306d6f..fe454e0725 100644
--- a/audio/mixeng.c
+++ b/audio/mixeng.c
@@ -414,12 +414,7 @@ struct rate {
*/
void *st_rate_start (int inrate, int outrate)
{
- struct rate *rate = audio_calloc(__func__, 1, sizeof(*rate));
-
- if (!rate) {
- dolog ("Could not allocate resampler (%zu bytes)\n", sizeof (*rate));
- return NULL;
- }
+ struct rate *rate = g_new0(struct rate, 1);
rate->opos = 0;
diff --git a/tests/qtest/fuzz-sb16-test.c b/tests/qtest/fuzz-sb16-test.c
index fc445b1871..a28b93be3a 100644
--- a/tests/qtest/fuzz-sb16-test.c
+++ b/tests/qtest/fuzz-sb16-test.c
@@ -10,7 +10,8 @@
#include "libqtest.h"
/*
- * This used to trigger the assert in audio_calloc
+ * This used to trigger the audio_bug calls in
+ * audio_pcm_sw_alloc_resources
* https://bugs.launchpad.net/qemu/+bug/1910603
*/
static void test_fuzz_sb16_0x1c(void)
@@ -38,7 +39,8 @@ static void test_fuzz_sb16_0x91(void)
}
/*
- * This used to trigger the assert in audio_calloc
+ * This used to trigger the audio_bug calls in
+ * audio_pcm_sw_alloc_resources
* through command 0xd4
*/
static void test_fuzz_sb16_0xd4(void)
--
2.38.1
next prev parent reply other threads:[~2023-01-13 16:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-13 16:21 [PATCH 0/9] audio: remove deprecated QEMU_AUDIO env support Daniel P. Berrangé
2023-01-13 16:21 ` [PATCH 1/9] audio: don't check qemu_add_vm_change_state_handler failure Daniel P. Berrangé
2023-01-15 15:44 ` Volker Rümelin
2023-01-13 16:21 ` Daniel P. Berrangé [this message]
2023-01-15 14:03 ` [PATCH 2/9] audio: remove special audio_calloc function Volker Rümelin
2023-01-16 9:23 ` Daniel P. Berrangé
2023-01-13 16:21 ` [PATCH 3/9] audio: remove unused 'name' in QEMUSoundCard struct Daniel P. Berrangé
2023-01-13 16:21 ` [PATCH 4/9] audio: remove QEMUSoundCard linked list Daniel P. Berrangé
2023-01-13 16:21 ` [PATCH 5/9] audio: remove empty AUD_remove_card method Daniel P. Berrangé
2023-01-13 16:21 ` [PATCH 6/9] docs: split the deprecation warning for soundcards vs VNC Daniel P. Berrangé
2023-01-13 16:21 ` [PATCH 7/9] ui/vnc: don't accept VNC_ENCODING_AUDIO without audiodev Daniel P. Berrangé
2023-01-13 16:21 ` [PATCH 8/9] audio: audio state is now mandatory for capture Daniel P. Berrangé
2023-01-13 16:22 ` [PATCH 9/9] audio: remove support for QEMU_AUDIO_ env variables Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230113162200.3010804-3-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=Qiuhao.Li@outlook.com \
--cc=alxndr@bu.edu \
--cc=bsd@redhat.com \
--cc=darren.kenny@oracle.com \
--cc=kraxel@redhat.com \
--cc=libvir-list@redhat.com \
--cc=lvivier@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu_oss@crudebyte.com \
--cc=stefanha@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.