OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
4a70232b1d
qemu-e2k/audio
History
Volker Rümelin 4f50d4a48e ossaudio: fix out of bounds write 
In function oss_read() a read error currently does not exit the
read loop. With no data to read the variable pos will quickly
underflow and a subsequent successful read overwrites memory
outside the buffer. This patch adds the missing break statement
to the error path of the function.

To reproduce start qemu with -audiodev oss,id=audio0 and in the
guest start audio recording. After some time this will trigger
an exception.

Fixes: 3ba4066d08 "ossaudio: port to the new audio backend api"

Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-id: 20200707180836.5435-1-vr_qemu@t-online.de
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-07-13 11:38:40 +02:00
..
alsaaudio.c
audio_int.h
audio_legacy.c qapi: Make visitor functions taking Error ** return bool, not void 2020-07-10 15:18:08 +02:00
audio_template.h audio/jack: add JACK client audiodev 2020-05-25 11:30:03 +02:00
audio_win_int.c
audio_win_int.h
audio.c audio: fix wavcapture segfault 2020-05-26 07:55:23 +02:00
audio.h audio: Let capture_callback handler use const buffer argument 2020-05-26 08:29:39 +02:00
coreaudio.c
dsound_template.h
dsoundaudio.c dsoundaudio: dsound_get_buffer_in should honor *size 2020-04-06 13:29:53 +02:00
jackaudio.c audio/jack: simplify the re-init code path 2020-06-17 14:44:51 +02:00
Makefile.objs audio/jack: add JACK client audiodev 2020-05-25 11:30:03 +02:00
mixeng_template.h audio: fix saturation nonlinearity in clip_* functions 2020-03-16 10:18:07 +01:00
mixeng.c audio: Let audio_sample_to_uint64() use const samples argument 2020-05-26 08:29:30 +02:00
mixeng.h
noaudio.c
ossaudio.c ossaudio: fix out of bounds write 2020-07-13 11:38:40 +02:00
paaudio.c
rate_template.h
sdlaudio.c
spiceaudio.c
trace-events
wavaudio.c
wavcapture.c audio: Let capture_callback handler use const buffer argument 2020-05-26 08:29:39 +02:00