In function oss_read() a read error currently does not exit the
read loop. With no data to read, the variable pos will quickly
underflow and a subsequent successful read overwrites memory
outside the buffer. This patch adds the missing break statement
to the error path of the function.

To reproduce, start qemu with -audiodev oss,id=audio0 and in the
guest start audio recording. After some time this will trigger
an exception.

Fixes:
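
The failure mode described in the commit message, modelled as an added example; this is not the QEMU source. `fake_src`, `fake_read` and `read_loop` are hypothetical names, the reader is a constructed stand-in for read(2), and the loop only records where a write would land instead of touching memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-in for read(2): fails `fails` times, then delivers
 * up to 4 bytes per call. Hypothetical helper, not a QEMU function. */
struct fake_src { int fails; };

static ssize_t fake_read(struct fake_src *s, size_t len)
{
    if (s->fails > 0) { s->fails--; return -1; }
    return len < 4 ? (ssize_t)len : 4;
}

/* Model of a "while (len)" read loop over a buffer of `cap` bytes.
 * Nothing is written; *oob is set when a successful read would have
 * stored data outside [0, cap). Returns the final value of pos. */
static size_t read_loop(struct fake_src *s, size_t cap, int break_on_error,
                        int *oob)
{
    size_t pos = 0, len = cap;
    *oob = 0;
    while (len) {
        ssize_t nread = fake_read(s, len);
        if (nread == -1) {
            if (break_on_error) break;  /* fixed: leave the loop on error */
            /* buggy: fall through and account for -1 "bytes" */
        } else if (pos > cap || (size_t)nread > cap - pos) {
            *oob = 1;               /* destination is outside the buffer */
            break;
        }
        pos += (size_t)nread;       /* -1 wraps: 0 becomes SIZE_MAX */
        len -= (size_t)nread;       /* -1 wraps: len grows by one */
    }
    return pos;
}

int main(void)
{
    struct fake_src buggy = { 1 }, fixed = { 1 };
    int oob_buggy, oob_fixed;
    size_t p1 = read_loop(&buggy, 8, 0, &oob_buggy);
    size_t p2 = read_loop(&fixed, 8, 1, &oob_fixed);
    printf("no break: pos=%zu oob=%d\n", p1, oob_buggy);
    printf("break:    pos=%zu oob=%d\n", p2, oob_fixed);
    return 0;
}
```

A single failed read before any data arrives is enough: without the break, the next successful read is addressed at an offset far beyond the buffer.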