On Sunday, December 25, 2022 1:13:57 PM CET Qiang Liu wrote: > Section 5.10.2 of the AC97 specification > (https://hands.com/~lkcl/ac97_r23.pdf) > shows the feasibility to support for rates other than 48kHZ. Specifically, > AC97_PCM_Front_DAC_Rate (reg 2Ch) should be from 8kHZ to 48kHZ. > > Before Volker Rümelin fixed it in 12f4abf6a245 and 0cbc8bd4694f, an adversary > could leverage this to crash QEMU. > > Fixes: e5c9a13e2670 ("PCI AC97 emulation by malc.") > Reported-by: Volker Rümelin <vr_q...@t-online.de> > Reported-by: Qiang Liu <cyruscy...@gmail.com> > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1393 > Signed-off-by: Qiang Liu <cyruscy...@gmail.com> > --- > hw/audio/ac97.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) > > diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c > index be2dd701a4..826411e462 100644 > --- a/hw/audio/ac97.c > +++ b/hw/audio/ac97.c > @@ -625,9 +625,14 @@ static void nam_writew(void *opaque, uint32_t addr, > uint32_t val) > break; > case AC97_PCM_Front_DAC_Rate: > if (mixer_load(s, AC97_Extended_Audio_Ctrl_Stat) & EACS_VRA) { > - mixer_store(s, addr, val); > - dolog("Set front DAC rate to %d\n", val); > - open_voice(s, PO_INDEX, val); > + if (val >= 8000 && val <= 48000) { > + mixer_store(s, addr, val); > + dolog("Set front DAC rate to %d\n", val); > + open_voice(s, PO_INDEX, val); > + } else { > + dolog("Attempt to set front DAC rate to %d, but valid is" > + "8-48kHZ\n", val); > + }
Missing space between "is" and "8-48kHz" and it is "Hz" (lower z). Except for that: Reviewed-by: Christian Schoenebeck <qemu_...@crudebyte.com> > } else { > dolog("Attempt to set front DAC rate to %d, but VRA is not > set\n", > val); >
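Review bot: the range check is added only to the AC97_PCM_Front_DAC_Rate case of nam_writew(), so any other case in that function that passes a guest-written val to open_voice() needs the same bound, ideally through one shared helper so the limits cannot drift apart. In the new else branch the write is dropped without a mixer_store(), so the guest reads back the previous rate; the commit message or a comment should say whether ignoring the value, rather than clamping it into range, is the intended behaviour. The literals 8000 and 48000 would also read better as named constants that the log message can reference.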