authorChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
committerChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
commit4b927bc37359dec23f67d3427fc982945f24f404 (patch)
tree245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_missing/host_missing/accel_missing/1102.toml
parentaa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff)
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/1102.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_missing/1102.toml46
1 files changed, 46 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/1102.toml b/gitlab/issues/target_missing/host_missing/accel_missing/1102.toml
new file mode 100644
index 00000000..779b3efe
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_missing/1102.toml
@@ -0,0 +1,46 @@
+id = 1102
+title = "qemu-user: zero_bss might raise segfault when segment is not writable"
+state = "opened"
+created_at = "2022-07-12T08:40:47.350Z"
+closed_at = "n/a"
+labels = ["linux-user"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/1102"
+host-os = "(Android)"
+host-arch = "(aarch64)"
+qemu-version = "(qemu-aarch64 version 7.0.50 (v7.0.0-2446-g9fed1bca6b-dirty))"
+guest-os = "n/a"
+guest-arch = "(aarch64)"
+description = """When a PT_LOAD segment with the following attributes presented in the user program,
+* MemSiz > FileSiz
+* NOT Writable
+
+qemu-aarch64 will crash with segment fault running it.
+
+
+
+
+in [linux-user/elfload.c: bss_zero](https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/elfload.c#L2097), the exceeded part is zero'ed without checking if it is writable
+```
+    if (host_start < host_map_start) {
+        memset((void *)host_start, 0, host_map_start - host_start);
+    }
+```"""
+reproduce = """1. ./qemu-aarch64 ./X.so"""
+additional = """readelf output of X.so
+```
+Program Headers:
+  Type           Offset             VirtAddr           PhysAddr                 FileSiz            MemSiz              Flags  Align
+  PHDR           0x0000000000000040 0x0000000000000040 0x0000000000000040       0x0000000000000230 0x0000000000000230  R E    0x8
+  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000       0x0000000000110270 0x00000000001c94e0  R E    0x10000
+  LOAD           0x0000000000129bd0 0x00000000001d9bd0 0x00000000001d9bd0       0x0000000000000438 0x00000000000004c0  RW     0x10000
+  LOAD           0x000000000013a008 0x00000000001ea008 0x00000000001ea008       0x0000000000017bd0 0x0000000000017bd0  RW     0x10000
+  LOAD           0x0000000000161bd8 0x0000000000211bd8 0x0000000000211bd8       0x000000000000f740 0x000000000000f740  RW     0x10000
+  DYNAMIC        0x0000000000161e60 0x0000000000211e60 0x0000000000211e60       0x00000000000001e0 0x00000000000001e0  RW     0x8
+  INTERP         0x0000000000089410 0x0000000000089410 0x0000000000089410       0x0000000000000015 0x0000000000000015  R      0x1
+      [Requesting program interpreter: /system/bin/linker64]
+  NOTE           0x000000000013dbc8 0x00000000001edbc8 0x00000000001edbc8       0x0000000000000011 0x0000000000000011  R      0x1
+  GNU_EH_FRAME   0x00000000001c86a4 0x00000000001c86a4 0x00000000001c86a4       0x00000000000002dc 0x00000000000002dc  R      0x4
+  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000       0x0000000000000000 0x0000000000000000  RW     0x10
+```
+
+X.so: https://drive.google.com/file/d/1A7mkWRcK2BKkpeevt8T6FVLg-t6mWdgi/view?usp=sharing"""
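Review bot: The record keeps `created_at = "2022-07-12T08:40:47.350Z"` and `closed_at = "n/a"` as strings even though TOML has a native offset date-time, so every consumer has to parse the timestamp by hand and special-case the sentinel; writing `created_at = 2022-07-12T08:40:47.350Z` and simply omitting `closed_at` while the issue is open (TOML has no null) lets the parser type the field and makes "not closed" unambiguous. The key names also mix `snake_case` (`created_at`, `closed_at`) with `kebab-case` (`host-os`, `guest-arch`, `qemu-version`), which is an easy source of silent lookup misses in whatever tooling reads these files; one convention file-wide would be safer. The parenthesised values such as `host-os = "(Android)"` look like a scraping artefact rather than intended data and could be stripped at the same time. Since the commit adds many sibling issue files with presumably the same layout, the fix belongs in the generator that produces them rather than in this file alone.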