a2cd86a94a
While the SB16 seems to work up to 48000 Hz, the "Sound Blaster Series
Hardware Programming Guide" limit the sampling range from 4000 Hz to
44100 Hz (Section 3-9, 3-10: Digitized Sound I/O Programming, tables
3-2 and 3-3).
Later, section 6-15 (DSP Commands) is more specific regarding the 41h /
42h registers (Set digitized sound output sampling rate):
Valid sampling rates range from 5000 to 45000 Hz inclusive.
There is no comment regarding error handling if the register is filled
with an out-of-range value. (See also section 3-28 "8-bit or 16-bit
Auto-initialize Transfer"). Assume limits are enforced in hardware.
This fixes triggering an assertion in audio_calloc():
#1 abort
#2 audio_bug audio/audio.c:119:9
#3 audio_calloc audio/audio.c:154:9
#4 audio_pcm_sw_alloc_resources_out audio/audio_template.h:116:15
#5 audio_pcm_sw_init_out audio/audio_template.h:175:11
#6 audio_pcm_create_voice_pair_out audio/audio_template.h:410:9
#7 AUD_open_out audio/audio_template.h:503:14
#8 continue_dma8 hw/audio/sb16.c:216:20
#9 dma_cmd8 hw/audio/sb16.c:276:5
#10 command hw/audio/sb16.c:0
#11 dsp_write hw/audio/sb16.c:949:13
#12 portio_write softmmu/ioport.c:205:13
#13 memory_region_write_accessor softmmu/memory.c:491:5
#14 access_with_adjusted_size softmmu/memory.c:552:18
#15 memory_region_dispatch_write softmmu/memory.c:0:13
#16 flatview_write_continue softmmu/physmem.c:2759:23
#17 flatview_write softmmu/physmem.c:2799:14
#18 address_space_write softmmu/physmem.c:2891:18
#19 cpu_outw softmmu/ioport.c:70:5
[*] http://www.baudline.com/solutions/full_duplex/sb16_pci/index.html
OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29174
Fixes:
|
||
---|---|---|
.. | ||
fuzz | ||
libqos | ||
ac97-test.c | ||
acpi-utils.c | ||
acpi-utils.h | ||
ahci-test.c | ||
am53c974-test.c | ||
arm-cpu-features.c | ||
aspeed_hace-test.c | ||
aspeed_smc-test.c | ||
bios-tables-test-allowed-diff.h | ||
bios-tables-test.c | ||
boot-order-test.c | ||
boot-sector.c | ||
boot-sector.h | ||
boot-serial-test.c | ||
cdrom-test.c | ||
cmsdk-apb-dualtimer-test.c | ||
cmsdk-apb-timer-test.c | ||
cmsdk-apb-watchdog-test.c | ||
cpu-plug-test.c | ||
dbus-vmstate1.xml | ||
dbus-vmstate-test.c | ||
device-introspect-test.c | ||
device-plug-test.c | ||
display-vga-test.c | ||
drive_del-test.c | ||
ds1338-test.c | ||
e1000-test.c | ||
e1000e-test.c | ||
eepro100-test.c | ||
emc141x-test.c | ||
endianness-test.c | ||
es1370-test.c | ||
fdc-test.c | ||
fuzz-e1000e-test.c | ||
fuzz-megasas-test.c | ||
fuzz-sb16-test.c | ||
fuzz-virtio-scsi-test.c | ||
fw_cfg-test.c | ||
hd-geo-test.c | ||
hexloader-test.c | ||
i440fx-test.c | ||
i82801b11-test.c | ||
ide-test.c | ||
intel-hda-test.c | ||
ioh3420-test.c | ||
ipmi-bt-test.c | ||
ipmi-kcs-test.c | ||
ipoctal232-test.c | ||
ivshmem-test.c | ||
libqtest-single.h | ||
libqtest.c | ||
lpc-ich9-test.c | ||
m48t59-test.c | ||
machine-none-test.c | ||
megasas-test.c | ||
meson.build | ||
microbit-test.c | ||
migration-helpers.c | ||
migration-helpers.h | ||
migration-test.c | ||
modules-test.c | ||
ne2000-test.c | ||
npcm7xx_adc-test.c | ||
npcm7xx_emc-test.c | ||
npcm7xx_gpio-test.c | ||
npcm7xx_pwm-test.c | ||
npcm7xx_rng-test.c | ||
npcm7xx_smbus-test.c | ||
npcm7xx_timer-test.c | ||
npcm7xx_watchdog_timer-test.c | ||
numa-test.c | ||
nvme-test.c | ||
pca9552-test.c | ||
pci-test.c | ||
pcnet-test.c | ||
pflash-cfi02-test.c | ||
pnv-xscom-test.c | ||
prom-env-test.c | ||
pvpanic-pci-test.c | ||
pvpanic-test.c | ||
pxe-test.c | ||
q35-test.c | ||
qmp-cmd-test.c | ||
qmp-test.c | ||
qom-test.c | ||
qos-test.c | ||
rtas-test.c | ||
rtc-test.c | ||
rtl8139-test.c | ||
sdhci-test.c | ||
spapr-phb-test.c | ||
sse-timer-test.c | ||
tco-test.c | ||
test-arm-mptimer.c | ||
test-filter-mirror.c | ||
test-filter-redirector.c | ||
test-hmp.c | ||
test-netfilter.c | ||
test-x86-cpuid-compat.c | ||
tmp105-test.c | ||
tpm-crb-swtpm-test.c | ||
tpm-crb-test.c | ||
tpm-emu.c | ||
tpm-emu.h | ||
tpm-tests.c | ||
tpm-tests.h | ||
tpm-tis-device-swtpm-test.c | ||
tpm-tis-device-test.c | ||
tpm-tis-swtpm-test.c | ||
tpm-tis-test.c | ||
tpm-tis-util.c | ||
tpm-tis-util.h | ||
tpm-util.c | ||
tpm-util.h | ||
tulip-test.c | ||
usb-hcd-ehci-test.c | ||
usb-hcd-ohci-test.c | ||
usb-hcd-uhci-test.c | ||
usb-hcd-xhci-test.c | ||
vhost-user-blk-test.c | ||
vhost-user-test.c | ||
virtio-9p-test.c | ||
virtio-blk-test.c | ||
virtio-ccw-test.c | ||
virtio-net-test.c | ||
virtio-rng-test.c | ||
virtio-scsi-test.c | ||
virtio-serial-test.c | ||
virtio-test.c | ||
vmgenid-test.c | ||
vmxnet3-test.c | ||
wdt_ib700-test.c | ||
xlnx-can-test.c |