[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 369ff9: es1370: check total frame count again
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-commits] [qemu/qemu] 369ff9: es1370: check total frame count against current frame |
|
Date: |
Tue, 26 May 2020 06:15:33 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 369ff955a8497988d079c4e3fa1e93c2570c1c69
https://github.com/qemu/qemu/commit/369ff955a8497988d079c4e3fa1e93c2570c1c69
Author: Prasad J Pandit <address@hidden>
Date: 2020-05-25 (Mon, 25 May 2020)
Changed paths:
M hw/audio/es1370.c
Log Message:
-----------
es1370: check total frame count against current frame
A guest user may set channel frame count via es1370_write()
such that, in es1370_transfer_audio(), total frame count
'size' is lesser than the number of frames that are processed
'cnt'.
int cnt = d->frame_cnt >> 16;
int size = d->frame_cnt & 0xffff;
if (size < cnt), it results in incorrect calculations leading
to OOB access issue(s). Add check to avoid it.
Reported-by: Ren Ding <address@hidden>
Reported-by: Hanqing Zhao <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 2f097e1964dc25a5633a54cae15ff068e9473196
https://github.com/qemu/qemu/commit/2f097e1964dc25a5633a54cae15ff068e9473196
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-05-25 (Mon, 25 May 2020)
Changed paths:
M hw/audio/gus.c
Log Message:
-----------
hw/audio/gus: Use AUDIO_HOST_ENDIANNESS definition from 'audio/audio.h'
Use the generic AUDIO_HOST_ENDIANNESS definition instead
of a custom one.
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 2e44570321056feaa045a51d5e3e8585cea627d0
https://github.com/qemu/qemu/commit/2e44570321056feaa045a51d5e3e8585cea627d0
Author: Geoffrey McRae <address@hidden>
Date: 2020-05-25 (Mon, 25 May 2020)
Changed paths:
M audio/Makefile.objs
M audio/audio.c
M audio/audio_template.h
A audio/jackaudio.c
M configure
M qapi/audio.json
Log Message:
-----------
audio/jack: add JACK client audiodev
This commit adds a new audiodev backend to allow QEMU to use JACK as
both an audio sink and source.
Signed-off-by: Geoffrey McRae <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 9c61fcc89a70256c19047d251aa44f666f06089c
https://github.com/qemu/qemu/commit/9c61fcc89a70256c19047d251aa44f666f06089c
Author: Volker Rümelin <address@hidden>
Date: 2020-05-26 (Tue, 26 May 2020)
Changed paths:
M audio/mixeng.c
Log Message:
-----------
audio/mixeng: fix clang 10+ warning
The code in CONV_NATURAL_FLOAT() and CLIP_NATURAL_FLOAT()
seems to use the constant 2^31-0.5 to convert float to integer
and back. But the float type lacks the required precision and
the constant used for the conversion is 2^31. This is equiva-
lent to a [-1.f, 1.f] <-> [INT32_MIN, INT32_MAX + 1] mapping.
This patch explicitly writes down the used constant. The
compiler generated code doesn't change.
The constant 2^31 has an exact float representation and the
clang 10 compiler stops complaining about an implicit int to
float conversion with a changed value.
A few notes:
- The conversion of 1.f to INT32_MAX + 1 doesn't overflow. The
type of the destination variable is int64_t.
- At a later stage one of the clip_* functions in
audio/mixeng_template.h limits INT32_MAX + 1 to the integer
range.
- The clip_natural_float_* functions in audio/mixeng.c convert
INT32_MAX and INT32_MAX + 1 to 1.f.
Buglink: https://bugs.launchpad.net/bugs/1878627
Signed-off-by: Volker Rümelin <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: cbaf25d1f59ee13fc7542a06ea70784f2e000c04
https://github.com/qemu/qemu/commit/cbaf25d1f59ee13fc7542a06ea70784f2e000c04
Author: Bruce Rogers <address@hidden>
Date: 2020-05-26 (Tue, 26 May 2020)
Changed paths:
M audio/audio.c
Log Message:
-----------
audio: fix wavcapture segfault
Commit 571a8c522e caused the HMP wavcapture command to segfault when
processing audio data in audio_pcm_sw_write(), where a NULL
sw->hw->pcm_ops is dereferenced. This fix checks that the pointer is
valid before dereferincing it. A similar fix is also made in the
parallel function audio_pcm_sw_read().
Fixes: 571a8c522e (audio: split ctl_* functions into enable_* and
volume_*)
Signed-off-by: Bruce Rogers <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: e709d2ac47e71a879294f20e3fb994b7aea55226
https://github.com/qemu/qemu/commit/e709d2ac47e71a879294f20e3fb994b7aea55226
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-05-26 (Tue, 26 May 2020)
Changed paths:
M audio/audio.h
M audio/mixeng.c
Log Message:
-----------
audio: Let audio_sample_to_uint64() use const samples argument
The samples are the input to convert to u64. As we should
not modify them, mark the argument const.
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 57a878ed4f76a3a6b06dd8fa7df846adad6633ac
https://github.com/qemu/qemu/commit/57a878ed4f76a3a6b06dd8fa7df846adad6633ac
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-05-26 (Tue, 26 May 2020)
Changed paths:
M audio/audio.h
M audio/wavcapture.c
M ui/vnc.c
Log Message:
-----------
audio: Let capture_callback handler use const buffer argument
The buffer is the captured input to pass to backends.
As we should not modify it, mark the argument const.
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: b3b8a1fea6ed5004bbad2f70833caee70402bf02
https://github.com/qemu/qemu/commit/b3b8a1fea6ed5004bbad2f70833caee70402bf02
Author: Philippe Mathieu-Daudé <address@hidden>
Date: 2020-05-26 (Tue, 26 May 2020)
Changed paths:
M hw/mips/mips_fulong2e.c
Log Message:
-----------
hw/mips/mips_fulong2e: Remove unused 'audio/audio.h' include
The Fuloong machine never had to use "audio/audio.h", remove it.
Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Huacai Chen <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 8f72c75cfc9b3c84a9b5e7a58ee5e471cb2f19c8
https://github.com/qemu/qemu/commit/8f72c75cfc9b3c84a9b5e7a58ee5e471cb2f19c8
Author: Peter Maydell <address@hidden>
Date: 2020-05-26 (Tue, 26 May 2020)
Changed paths:
M audio/Makefile.objs
M audio/audio.c
M audio/audio.h
M audio/audio_template.h
A audio/jackaudio.c
M audio/mixeng.c
M audio/wavcapture.c
M configure
M hw/audio/es1370.c
M hw/audio/gus.c
M hw/mips/mips_fulong2e.c
M qapi/audio.json
M ui/vnc.c
Log Message:
-----------
Merge remote-tracking branch
'remotes/kraxel/tags/audio-20200526-pull-request' into staging
audio: add JACK client audiodev.
audio: bugfixes and cleanups.
# gpg: Signature made Tue 26 May 2020 08:56:21 BST
# gpg: using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>" [full]
# gpg: aka "Gerd Hoffmann <address@hidden>" [full]
# gpg: aka "Gerd Hoffmann (private) <address@hidden>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/audio-20200526-pull-request:
hw/mips/mips_fulong2e: Remove unused 'audio/audio.h' include
audio: Let capture_callback handler use const buffer argument
audio: Let audio_sample_to_uint64() use const samples argument
audio: fix wavcapture segfault
audio/mixeng: fix clang 10+ warning
audio/jack: add JACK client audiodev
hw/audio/gus: Use AUDIO_HOST_ENDIANNESS definition from 'audio/audio.h'
es1370: check total frame count against current frame
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/fea8f3ed7395...8f72c75cfc9b
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 369ff9: es1370: check total frame count against current frame,
Peter Maydell <=