audio: audio_generic_get_buffer_in should honor *size

qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

The function generic_get_buffer_in currently ignores the *size
parameter and may return a buffer larger than *size.

As a result the variable samples in function
audio_pcm_hw_run_in may underflow. The while loop then most
likely will never termiate.

Buglink: http://bugs.debian.org/948658
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20200123074943.6699-9-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

authored by

Volker Rümelin and committed by

Gerd Hoffmann 6 years ago 599eac4e f03cd068

+2 -1

1 changed file

expand all

audio

audio.c

+2 -1

audio/audio.c

··· 1407 1407 } 1408 1408 assert(start >= 0 && start < hw->size_emul); 1409 1409 1410 - *size = MIN(hw->pending_emul, hw->size_emul - start); 1410 + *size = MIN(*size, hw->pending_emul); 1411 + *size = MIN(*size, hw->size_emul - start); 1411 1412 return hw->buf_emul + start; 1412 1413 } 1413 1414