Date: Thu, 28 May 2026 14:46:09 +0000 From: Christos Margiolis <christos@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 453de99b386d - main - virtual_oss(8): Fix buffer overflow in voss_compressor() call Message-ID: <6a185531.24195.1452040e@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by christos: URL: https://cgit.FreeBSD.org/src/commit/?id=453de99b386d40754a038cc4b804f4c7a3b04624 commit 453de99b386d40754a038cc4b804f4c7a3b04624 Author: Christos Margiolis <christos@FreeBSD.org> AuthorDate: 2026-05-28 13:51:26 +0000 Commit: Christos Margiolis <christos@FreeBSD.org> CommitDate: 2026-05-28 14:46:01 +0000 virtual_oss(8): Fix buffer overflow in voss_compressor() call This particular calls swaps the samples and maxchan arguments, which can cause a buffer overflow in p_ch_chain if maxchan exceeds its bounds (VMAX_CHAN). Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: emaste --- usr.sbin/virtual_oss/virtual_oss/virtual_oss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr.sbin/virtual_oss/virtual_oss/virtual_oss.c b/usr.sbin/virtual_oss/virtual_oss/virtual_oss.c index 1d95c87d57b1..42a748a5e3bd 100644 --- a/usr.sbin/virtual_oss/virtual_oss/virtual_oss.c +++ b/usr.sbin/virtual_oss/virtual_oss/virtual_oss.c @@ -783,8 +783,8 @@ virtual_oss_process(void *arg __unused) /* check if compressor should be applied */ voss_compressor(buffer_temp, pvp->rx_compressor_gain, - &pvp->rx_compressor_param, samples, - samples * src_chans, (1ULL << (pvp->bits - 1)) - 1ULL); + &pvp->rx_compressor_param, samples * src_chans, + src_chans, (1ULL << (pvp->bits - 1)) - 1ULL); TAILQ_FOREACH(pvc, &pvp->head, entry) {home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a185531.24195.1452040e>