From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Volker Rümelin" <vr_qemu@t-online.de>,
"Markus Armbruster" <armbru@redhat.com>,
"Gerd Hoffmann" <kraxel@redhat.com>
Subject: [PULL 09/12] audio: audio_generic_get_buffer_in should honor *size
Date: Fri, 7 Feb 2020 08:45:54 +0100 [thread overview]
Message-ID: <20200207074557.26073-10-kraxel@redhat.com> (raw)
In-Reply-To: <20200207074557.26073-1-kraxel@redhat.com>
From: Volker Rümelin <vr_qemu@t-online.de>
The function generic_get_buffer_in currently ignores the *size
parameter and may return a buffer larger than *size.
As a result the variable samples in function
audio_pcm_hw_run_in may underflow. The while loop then most
likely will never termiate.
Buglink: http://bugs.debian.org/948658
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20200123074943.6699-9-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
audio/audio.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/audio/audio.c b/audio/audio.c
index b686429203d6..f9859408f340 100644
--- a/audio/audio.c
+++ b/audio/audio.c
@@ -1407,7 +1407,8 @@ void *audio_generic_get_buffer_in(HWVoiceIn *hw, size_t *size)
}
assert(start >= 0 && start < hw->size_emul);
- *size = MIN(hw->pending_emul, hw->size_emul - start);
+ *size = MIN(*size, hw->pending_emul);
+ *size = MIN(*size, hw->size_emul - start);
return hw->buf_emul + start;
}
--
2.18.1
next prev parent reply other threads:[~2020-02-07 7:57 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-07 7:45 [PULL 00/12] Audio 20200207 patches Gerd Hoffmann
2020-02-07 7:45 ` [PULL 01/12] audio/oss: fix buffer pos calculation Gerd Hoffmann
2020-02-07 7:45 ` [PULL 02/12] audio: fix audio_generic_write Gerd Hoffmann
2020-02-07 7:45 ` [PULL 03/12] audio: fix audio_generic_read Gerd Hoffmann
2020-02-07 7:45 ` [PULL 04/12] paaudio: remove unused variables Gerd Hoffmann
2020-02-07 7:45 ` [PULL 05/12] audio: prevent SIGSEGV in AUD_get_buffer_size_out Gerd Hoffmann
2020-02-07 7:45 ` [PULL 06/12] audio: fix bug 1858488 Gerd Hoffmann
2020-02-07 7:45 ` [PULL 07/12] ossaudio: prevent SIGSEGV in oss_enable_out Gerd Hoffmann
2020-02-07 7:45 ` [PULL 08/12] ossaudio: disable poll mode can't be reached Gerd Hoffmann
2020-02-07 7:45 ` Gerd Hoffmann [this message]
2020-02-07 7:45 ` [PULL 10/12] audio/dsound: fix invalid parameters error Gerd Hoffmann
2020-02-07 7:45 ` [PULL 11/12] coreaudio: fix coreaudio playback Gerd Hoffmann
2020-02-07 7:45 ` [PULL 12/12] audio: proper support for float samples in mixeng Gerd Hoffmann
2020-02-07 13:53 ` Eric Blake
2020-02-07 15:01 ` [PULL 00/12] Audio 20200207 patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200207074557.26073-10-kraxel@redhat.com \
--to=kraxel@redhat.com \
--cc=armbru@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=vr_qemu@t-online.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.