git.ipfire.org Git - thirdparty/qemu.git/commit

author	Volker Rümelin <vr_qemu@t-online.de>
	Sun, 1 Sep 2024 13:01:12 +0000 (15:01 +0200)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Sat, 14 Sep 2024 16:25:11 +0000 (19:25 +0300)
commit	98da91026b6ebe14fb7617e815670dfc3c035d8e
tree	b3379792fe5367443d792739b2f8e96d3273bd2d	tree
parent	7a8d34c549e3600f9bcf98a3ff0d2b840e9241b2	commit \| diff

hw/audio/virtio-sound: fix heap buffer overflow

Currently, the guest may write to the device configuration space,
whereas the virtio sound device specification in chapter 5.14.4
clearly states that the fields in the device configuration space
are driver-read-only.

Remove the set_config function from the virtio_snd class.

This also prevents a heap buffer overflow. See QEMU issue #2296.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2296
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240901130112.8242-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 7fc6611cad3e9627b23ce83e550b668abba6c886)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

hw/audio/trace-events		diff \| blob \| blame \| history
hw/audio/virtio-snd.c		diff \| blob \| blame \| history