git.ipfire.org Git - thirdparty/qemu.git/commit

author	Volker Rümelin <vr_qemu@t-online.de>
	Sun, 1 Sep 2024 13:01:12 +0000 (15:01 +0200)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Wed, 25 Sep 2024 18:04:10 +0000 (21:04 +0300)
commit	df9aa3dd8c05e1ee58cf38ecf3e2bd5994dbc9ea
tree	5ab88110439b5379bcf8a755c5782e11dec910d7	tree
parent	cd320c8a82773b8219e58d5e949db419f51b00f3	commit \| diff

hw/audio/virtio-sound: fix heap buffer overflow

Currently, the guest may write to the device configuration space,
whereas the virtio sound device specification in chapter 5.14.4
clearly states that the fields in the device configuration space
are driver-read-only.

Remove the set_config function from the virtio_snd class.

This also prevents a heap buffer overflow. See QEMU issue #2296.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2296
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240901130112.8242-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 7fc6611cad3e9627b23ce83e550b668abba6c886)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

hw/audio/trace-events		diff \| blob \| blame \| history
hw/audio/virtio-snd.c		diff \| blob \| blame \| history