Re: [PATCH] es1370: check total frame count against current frame

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] es1370: check total frame count against current frame

From:	P J P
Subject:	Re: [PATCH] es1370: check total frame count against current frame
Date:	Wed, 20 May 2020 00:05:48 +0530 (IST)

+-- On Fri, 15 May 2020, P J P wrote --+
| From: Prasad J Pandit <address@hidden>
| 
| A guest user may set channel frame count via es1370_write()
| such that, in es1370_transfer_audio(), total frame count
| 'size' is lesser than the number of frames that are processed
| 'cnt'.
| 
|     int cnt = d->frame_cnt >> 16;
|     int size = d->frame_cnt & 0xffff;
| 
| if (size < cnt), it results in incorrect calculations leading
| to OOB access issue(s). Add check to avoid it.
| 

Ping...!
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] es1370: check total frame count against current frame, P J P, 2020/05/14
- Re: [PATCH] es1370: check total frame count against current frame, P J P <=
  - Re: [PATCH] es1370: check total frame count against current frame, Gerd Hoffmann, 2020/05/20

Prev by Date: Re: [PATCH 2/2] target/i386: fix IEEE x87 floating-point exception raising
Next by Date: Re: [PATCH 0/2] Update use_goto_tb() in hppa and rx targets
Previous by thread: [PATCH] es1370: check total frame count against current frame
Next by thread: Re: [PATCH] es1370: check total frame count against current frame
Index(es):
- Date
- Thread