Date: Mon, 01 Jun 2026 17:32:27 +0000
From: Christos Margiolis <christos@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject: git: 369207a6c471 - stable/15 - virtual_oss(8): Fix buffer overflow in voss_compressor() call
Message-ID: <6a1dc22b.1bb5e.5a7ba644@gitrepo.freebsd.org>
The branch stable/15 has been updated by christos: URL: https://cgit.FreeBSD.org/src/commit/?id=369207a6c4713c64d2411eb96e3f0d6ddab6169e commit 369207a6c4713c64d2411eb96e3f0d6ddab6169e Author: Christos Margiolis <christos@FreeBSD.org> AuthorDate: 2026-05-28 13:51:26 +0000 Commit: Christos Margiolis <christos@FreeBSD.org> CommitDate: 2026-06-01 17:32:18 +0000 virtual_oss(8): Fix buffer overflow in voss_compressor() call This particular calls swaps the samples and maxchan arguments, which can cause a buffer overflow in p_ch_chain if maxchan exceeds its bounds (VMAX_CHAN). Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai Sponsored by: The FreeBSD Foundation MFC after: 3 days Reviewed by: emaste (cherry picked from commit 453de99b386d40754a038cc4b804f4c7a3b04624) --- usr.sbin/virtual_oss/virtual_oss/virtual_oss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr.sbin/virtual_oss/virtual_oss/virtual_oss.c b/usr.sbin/virtual_oss/virtual_oss/virtual_oss.c index 18af38d8e7aa..1da50979873d 100644 --- a/usr.sbin/virtual_oss/virtual_oss/virtual_oss.c +++ b/usr.sbin/virtual_oss/virtual_oss/virtual_oss.c @@ -781,8 +781,8 @@ virtual_oss_process(void *arg __unused) /* check if compressor should be applied */ voss_compressor(buffer_temp, pvp->rx_compressor_gain, - &pvp->rx_compressor_param, samples, - samples * src_chans, (1ULL << (pvp->bits - 1)) - 1ULL); + &pvp->rx_compressor_param, samples * src_chans, + src_chans, (1ULL << (pvp->bits - 1)) - 1ULL); TAILQ_FOREACH(pvc, &pvp->head, entry) {home | help
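Review bot: In the corrected voss_compressor() call in virtual_oss_process(), the two adjacent count arguments (`samples * src_chans` and `src_chans`) are both plain integer expressions, so nothing at the call site stops them from being transposed or miscomputed again; the removed lines compiled cleanly while passing `samples * src_chans` in the channel-count position. Since the commit message says an oversized maxchan overflows p_ch_chain, consider having voss_compressor() itself reject or assert on a maxchan above VMAX_CHAN, if it does not already, so a bad caller fails safely instead of writing out of bounds. The message also describes the bug as a swap, but the removed lines passed `samples` and `samples * src_chans`, so the sample-count argument changed too (from `samples` to `samples * src_chans`); a short comment at the call stating which argument is the total sample count and which is the channel count would make the remaining call sites easier to audit.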
