git.ipfire.org Git - thirdparty/qemu.git/commit
hw/audio/virtio-sound: fix heap buffer overflow
author Volker Rümelin <vr_qemu@t-online.de>
Sun, 1 Sep 2024 13:01:12 +0000 (15:01 +0200)
committer Michael Tokarev <mjt@tls.msk.ru>
Sat, 14 Sep 2024 16:25:04 +0000 (19:25 +0300)
commit 58528bf20e32a31c3dfa5051dd89cfd4cfa3e8f2
tree da5d823f4bd13d411d9002737ebd103ef63151c7
parent d2c3c7ddc96bf8328ecffc7a9a4d5f0a0b436a5f
hw/audio/virtio-sound: fix heap buffer overflow

Currently, the guest may write to the device configuration space,
whereas the virtio sound device specification in chapter 5.14.4
clearly states that the fields in the device configuration space
are driver-read-only.

Remove the set_config function from the virtio_snd class.

This also prevents a heap buffer overflow. See QEMU issue #2296.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2296
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240901130112.8242-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 7fc6611cad3e9627b23ce83e550b668abba6c886)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
hw/audio/trace-events
hw/audio/virtio-snd.c