Index: /trunk/src/VBox/Devices/Audio/DevCodec.cpp =================================================================== --- /trunk/src/VBox/Devices/Audio/DevCodec.cpp (revision 31263) +++ /trunk/src/VBox/Devices/Audio/DevCodec.cpp (revision 31264) @@ -123,5 +123,5 @@ int rc; rc = codecUnimplemented(pState, cmd, pResp); - *pResp |= CODEC_RESPONSE_UNSOLICITED; /* ??? */ + *pResp |= CODEC_RESPONSE_UNSOLICITED; return rc; } @@ -130,4 +130,11 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; PCODECNODE pNode = &pState->pNodes[CODEC_NID(cmd)]; if (STAC9220_IS_DAC_CMD(cmd)) @@ -152,5 +159,4 @@ CODEC_B_INDEX(cmd)); else{ - *pResp = 0; AssertMsgReturn(0, ("access to fields of %x need to be implemented\n", CODEC_NID(cmd)), VINF_SUCCESS); } @@ -161,7 +167,12 @@ { uint32_t *pu32Bparam = NULL; - //** @todo r=michaln: Missing NID bounds checking! + Assert((CODEC_CAD(cmd) == pState->id)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; PCODECNODE pNode = &pState->pNodes[CODEC_NID(cmd)]; - *pResp = 0; if (STAC9220_IS_DAC_CMD(cmd)) pu32Bparam = &LIFIER_REGISTER(pNode->dac.B_params, @@ -196,5 +207,16 @@ { Assert((CODEC_CAD(cmd) == pState->id)); - //** @todo r=michaln: This is not bounds checked and may overflow the pNodes array! + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + Assert(((cmd & CODEC_VERB_8BIT_DATA) < 16)); + if ((cmd & CODEC_VERB_8BIT_DATA) >= 16) + { + Log(("HDAcodec: invalide F00 parameter %d\n", (cmd & CODEC_VERB_8BIT_DATA))); + return VINF_SUCCESS; + } + *pResp = 0; *pResp = pState->pNodes[CODEC_NID(cmd)].node.au32F00_param[cmd & CODEC_VERB_8BIT_DATA]; return VINF_SUCCESS; @@ -205,4 +227,10 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_ADCMUX_CMD(cmd)) @@ -218,4 +246,10 @@ { uint32_t *pu32Reg = NULL; + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_ADCMUX_CMD(cmd)) @@ -234,4 +268,12 @@ static int codecGetPinCtrl(struct CODECState *pState, uint32_t cmd, uint64_t *pResp) { + Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; if (STAC9220_IS_PORT_CMD(cmd)) *pResp = pState->pNodes[CODEC_NID(cmd)].port.u32F07_param; @@ -251,6 +293,13 @@ static int codecSetPinCtrl(struct CODECState *pState, uint32_t cmd, uint64_t *pResp) { + Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; uint32_t *pu32Reg = NULL; - *pResp = 0; if (STAC9220_IS_PORT_CMD(cmd)) pu32Reg = &pState->pNodes[CODEC_NID(cmd)].port.u32F07_param; @@ -272,4 +321,11 @@ static int codecGetUnsolicitedEnabled(struct CODECState *pState, uint32_t cmd, uint64_t *pResp) { + Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_PORT_CMD(cmd)) @@ -289,4 +345,11 @@ static int codecSetUnsolicitedEnabled(struct CODECState *pState, uint32_t cmd, uint64_t *pResp) { + Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; uint32_t *pu32Reg = NULL; @@ -300,7 +363,8 @@ pu32Reg = &pState->pNodes[CODEC_NID(cmd)].volumeKnob.u32F08_param; else - //** @todo r=michaln: This will crash in release builds! (pu32Reg will be NULL here) AssertMsgFailed(("unsupported operation %x on node: %x\n", CODEC_VERB_CMD8(cmd), CODEC_NID(cmd))); Assert(pu32Reg); + if(!pu32Reg) + return VINF_SUCCESS; *pu32Reg &= ~CODEC_VERB_8BIT_DATA; *pu32Reg |= cmd & CODEC_VERB_8BIT_DATA; @@ -311,4 +375,11 @@ static int codecGetPinSense(struct CODECState *pState, uint32_t cmd, uint64_t *pResp) { + Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_PORT_CMD(cmd)) @@ -324,4 +395,11 @@ static int codecSetPinSense(struct CODECState *pState, uint32_t cmd, uint64_t *pResp) { + Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; uint32_t *pu32Reg = NULL; @@ -341,5 +419,15 @@ { Assert((CODEC_CAD(cmd) == pState->id)); - //** @todo r=michaln: Again, possible pNodes array overflow + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + Assert((cmd & CODEC_VERB_8BIT_DATA) < 16); + if ((cmd & CODEC_VERB_8BIT_DATA) >= 16) + { + Log(("HDAcodec: access to invalide F02 index %d\n", (cmd & CODEC_VERB_8BIT_DATA))); + } *pResp = *(uint32_t *)&pState->pNodes[CODEC_NID(cmd)].node.au8F02_param[cmd & CODEC_VERB_8BIT_DATA]; return VINF_SUCCESS; @@ -349,4 +437,10 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_ADC_CMD(cmd)) @@ -358,4 +452,11 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; if (STAC9220_IS_ADC_CMD(cmd)) { @@ -363,5 +464,4 @@ pState->pNodes[CODEC_NID(cmd)].adc.u32F03_param |= cmd & CODEC_VERB_8BIT_DATA; } - *pResp = 0; return VINF_SUCCESS; } @@ -370,4 +470,10 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_SPDIFOUT_CMD(cmd)) @@ -381,4 +487,11 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; if (STAC9220_IS_SPDIFOUT_CMD(cmd)) { @@ -391,5 +504,4 @@ pState->pNodes[CODEC_NID(cmd)].spdifin.u32F0d_param |= cmd & CODEC_VERB_8BIT_DATA; } - *pResp = 0; return VINF_SUCCESS; } @@ -398,4 +510,11 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; if (STAC9220_IS_SPDIFOUT_CMD(cmd)) { @@ -408,5 +527,4 @@ pState->pNodes[CODEC_NID(cmd)].spdifin.u32F0d_param |= cmd & (CODEC_VERB_8BIT_DATA << 8); } - *pResp = 0; return VINF_SUCCESS; } @@ -415,9 +533,15 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; if (STAC9220_IS_AFG_CMD(cmd)) { *pResp = pState->pNodes[CODEC_NID(cmd)].afg.u32F20_param; } - //** @todo r=michaln: pResp must always be filled out return VINF_SUCCESS; } @@ -446,4 +570,10 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_AFG_CMD(cmd)) @@ -462,4 +592,10 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } uint32_t *pu32Reg = NULL; *pResp = 0; @@ -484,12 +620,15 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; if (STAC9220_IS_DAC_CMD(cmd)) *pResp = pState->pNodes[CODEC_NID(cmd)].dac.u32F06_param; else if (STAC9220_IS_ADC_CMD(cmd)) *pResp = pState->pNodes[CODEC_NID(cmd)].adc.u32F06_param; - else - *pResp = 0; /* STAC9220 6.20 6.13-6.18: no response supposed for this verb. */ - //** @todo r=michaln: Is this intentional? I don't think we should always return 0? - *pResp = 0; return VINF_SUCCESS; } @@ -497,4 +636,11 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; uint32_t *pu32addr = NULL; *pResp = 0; @@ -516,4 +662,11 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; if (STAC9220_IS_DAC_CMD(cmd)) *pResp = pState->pNodes[CODEC_NID(cmd)].dac.u32A_param; @@ -524,6 +677,4 @@ else if (STAC9220_IS_SPDIFIN_CMD(cmd)) *pResp = pState->pNodes[CODEC_NID(cmd)].spdifin.u32A_param; - else - *pResp = 0; return VINF_SUCCESS; } @@ -532,4 +683,11 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; if (STAC9220_IS_DAC_CMD(cmd)) { @@ -552,5 +710,4 @@ pState->pNodes[CODEC_NID(cmd)].spdifin.u32A_param |= cmd & CODEC_VERB_16BIT_DATA; } - *pResp = 0; return VINF_SUCCESS; } @@ -560,4 +717,10 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_ADCVOL_CMD(cmd)) @@ -574,6 +737,12 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } + *pResp = 0; uint32_t *pu32Reg = NULL; - *pResp = 0; if (STAC9220_IS_ADCVOL_CMD(cmd)) pu32Reg = &pState->pNodes[CODEC_NID(cmd)].adcvol.u32F0c_param; @@ -596,4 +765,10 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_VOLKNOB_CMD(cmd)) @@ -606,9 +781,14 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } uint32_t *pu32Reg = NULL; *pResp = 0; if (STAC9220_IS_VOLKNOB_CMD(cmd)) pu32Reg = &pState->pNodes[CODEC_NID(cmd)].volumeKnob.u32F0f_param; - *pResp = 0; Assert((pu32Reg)); if (pu32Reg) @@ -624,4 +804,10 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } *pResp = 0; if (STAC9220_IS_PORT_CMD(cmd)) @@ -638,4 +824,10 @@ { Assert((CODEC_CAD(cmd) == pState->id)); + Assert((CODEC_NID(cmd) < STAC9220_NODE_COUNT)); + if (CODEC_NID(cmd) >= STAC9220_NODE_COUNT) + { + Log(("HDAcodec: invalide node address %d\n", CODEC_NID(cmd))); + return VINF_SUCCESS; + } uint32_t *pu32Reg = NULL; if (STAC9220_IS_PORT_CMD(cmd))