Message ID | 7d14471a121878602cb4e748c4707f9ab9a9e3e2.1724151593.git.mst@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | [PULL,1/3] vhost: Add VIRTIO_NET_F_RSC_EXT to vhost feature bits |
Cc: qemu-stable@nongnu.org

Without this patch, the virtio-sound device will not work in the next QEMU stable-8.2 and stable-9.0 versions.

With best regards,
Volker

> From: Volker Rümelin <vr_qemu@t-online.de>
>
> Commit 9b6083465f ("virtio-snd: check for invalid param shift
> operands") tries to prevent invalid parameters specified by the
> guest. However, the code is not correct.
>
> Change the code so that the parameters format and rate, which are
> bit numbers, are compared with the bit size of the data type.
>
> Fixes: 9b6083465f ("virtio-snd: check for invalid param shift operands")
> Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
> Message-Id: <20240802071805.7123-1-vr_qemu@t-online.de>
> Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> --- > hw/audio/virtio-snd.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c > index e5196aa4bb..d1cf5eb445 100644 > --- a/hw/audio/virtio-snd.c > +++ b/hw/audio/virtio-snd.c > @@ -282,12 +282,12 @@ uint32_t virtio_snd_set_pcm_params(VirtIOSound *s, > error_report("Number of channels is not supported."); > return cpu_to_le32(VIRTIO_SND_S_NOT_SUPP); > } > - if (BIT(params->format) > sizeof(supported_formats) || > + if (params->format >= sizeof(supported_formats) * BITS_PER_BYTE || > !(supported_formats & BIT(params->format))) { > error_report("Stream format is not supported."); > return cpu_to_le32(VIRTIO_SND_S_NOT_SUPP); > } > - if (BIT(params->rate) > sizeof(supported_rates) || > + if (params->rate >= sizeof(supported_rates) * BITS_PER_BYTE || > !(supported_rates & BIT(params->rate))) { > error_report("Stream rate is not supported."); > return cpu_to_le32(VIRTIO_SND_S_NOT_SUPP);
diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c index e5196aa4bb..d1cf5eb445 100644 --- a/hw/audio/virtio-snd.c +++ b/hw/audio/virtio-snd.c @@ -282,12 +282,12 @@ uint32_t virtio_snd_set_pcm_params(VirtIOSound *s, error_report("Number of channels is not supported."); return cpu_to_le32(VIRTIO_SND_S_NOT_SUPP); } - if (BIT(params->format) > sizeof(supported_formats) || + if (params->format >= sizeof(supported_formats) * BITS_PER_BYTE || !(supported_formats & BIT(params->format))) { error_report("Stream format is not supported."); return cpu_to_le32(VIRTIO_SND_S_NOT_SUPP); } - if (BIT(params->rate) > sizeof(supported_rates) || + if (params->rate >= sizeof(supported_rates) * BITS_PER_BYTE || !(supported_rates & BIT(params->rate))) { error_report("Stream rate is not supported."); return cpu_to_le32(VIRTIO_SND_S_NOT_SUPP);
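Review bot: In both rewritten conditions, the range test on params->format and params->rate has to stay ahead of the BIT() test in the `||` so that the shift is never evaluated with an out-of-range, guest-supplied count, and nothing in the hunk records that. A one-line comment above each `if` saying that format and rate are bit indices, not masks, and that the bound check must come first would help keep the confusion fixed here from coming back. The bound itself is taken from the width of supported_formats and supported_rates, so it protects the shift only if BIT() shifts a type at least that wide; worth confirming and noting in the same comment. Since `sizeof(x) * BITS_PER_BYTE` now appears twice, a small helper shared by the two checks would keep them from drifting apart.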