From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Volker Rümelin" <vr_qemu@t-online.de>,
"Markus Armbruster" <armbru@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>
Subject: [PULL 09/12] audio: audio_generic_get_buffer_in should honor *size
Date: Fri, 7 Feb 2020 08:45:54 +0100 [thread overview]
Message-ID: <20200207074557.26073-10-kraxel@redhat.com> (raw)
In-Reply-To: <20200207074557.26073-1-kraxel@redhat.com>
From: Volker Rümelin <vr_qemu@t-online.de>
The function generic_get_buffer_in currently ignores the *size
parameter and may return a buffer larger than *size.
As a result the variable samples in function
audio_pcm_hw_run_in may underflow. The while loop then most
likely will never termiate.
Buglink: http://bugs.debian.org/948658
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20200123074943.6699-9-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
audio/audio.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/audio/audio.c b/audio/audio.c
index b686429203d6..f9859408f340 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -1407,7 +1407,8 @@ void *audio_generic_get_buffer_in(HWVoiceIn *hw, size_t *size)
}
assert(start >= 0 && start < hw->size_emul);
- *size = MIN(hw->pending_emul, hw->size_emul - start);
+ *size = MIN(*size, hw->pending_emul);
+ *size = MIN(*size, hw->size_emul - start);
return hw->buf_emul + start;
}
--
2.18.1
next prev parent reply other threads:[~2020-02-07 7:57 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-07 7:45 [PULL 00/12] Audio 20200207 patches Gerd Hoffmann
2020-02-07 7:45 ` [PULL 01/12] audio/oss: fix buffer pos calculation Gerd Hoffmann
2020-02-07 7:45 ` [PULL 02/12] audio: fix audio_generic_write Gerd Hoffmann
2020-02-07 7:45 ` [PULL 03/12] audio: fix audio_generic_read Gerd Hoffmann
2020-02-07 7:45 ` [PULL 04/12] paaudio: remove unused variables Gerd Hoffmann
2020-02-07 7:45 ` [PULL 05/12] audio: prevent SIGSEGV in AUD_get_buffer_size_out Gerd Hoffmann
2020-02-07 7:45 ` [PULL 06/12] audio: fix bug 1858488 Gerd Hoffmann
2020-02-07 7:45 ` [PULL 07/12] ossaudio: prevent SIGSEGV in oss_enable_out Gerd Hoffmann
2020-02-07 7:45 ` [PULL 08/12] ossaudio: disable poll mode can't be reached Gerd Hoffmann
2020-02-07 7:45 ` Gerd Hoffmann [this message]
2020-02-07 7:45 ` [PULL 10/12] audio/dsound: fix invalid parameters error Gerd Hoffmann
2020-02-07 7:45 ` [PULL 11/12] coreaudio: fix coreaudio playback Gerd Hoffmann
2020-02-07 7:45 ` [PULL 12/12] audio: proper support for float samples in mixeng Gerd Hoffmann
2020-02-07 13:53 ` Eric Blake
2020-02-07 15:01 ` [PULL 00/12] Audio 20200207 patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200207074557.26073-10-kraxel@redhat.com \
--to=kraxel@redhat.com \
--cc=armbru@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=vr_qemu@t-online.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).