diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 19:39:53 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 19:39:53 +0200 |
| commit | dee4dcba78baf712cab403d47d9db319ab7f95d6 (patch) | |
| tree | 418478faf06786701a56268672f73d6b0b4eb239 /results/classifier/semantic-bugs/instruction/1377 | |
| parent | 4d9e26c0333abd39bdbd039dcdb30ed429c475ba (diff) | |
| download | emulator-bug-study-dee4dcba78baf712cab403d47d9db319ab7f95d6.tar.gz emulator-bug-study-dee4dcba78baf712cab403d47d9db319ab7f95d6.zip | |
restructure results
Diffstat (limited to 'results/classifier/semantic-bugs/instruction/1377')
| -rw-r--r-- | results/classifier/semantic-bugs/instruction/1377 | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/results/classifier/semantic-bugs/instruction/1377 b/results/classifier/semantic-bugs/instruction/1377 deleted file mode 100644 index f3d87d4f..00000000 --- a/results/classifier/semantic-bugs/instruction/1377 +++ /dev/null @@ -1,27 +0,0 @@ -instruction: 0.973 -assembly: 0.847 -device: 0.773 -vnc: 0.768 -graphic: 0.742 -boot: 0.462 -socket: 0.412 -KVM: 0.326 -semantic: 0.321 -network: 0.279 -other: 0.095 -mistranslation: 0.073 - -x86 CVT* series instructions fault -Description of problem: -For example, CVTSD2SS instruction converts SRC[63:0] double precision floating point to DEST[31:0] single precision floating point. Although the CVTSD2SS instruction uses only 8 bytes, if it overlaps page boundary, I think QEMU tries to access over the valid memory and crashes. -Steps to reproduce: -1. Compile this code -``` -void main() { - mmap(0x555555559000, 0x1000, flag, ~~, 0); - asm("cvtsd2ss xmm1, qword ptr [0x555555559ff8]"); -} -``` -2. Execute. QEMU crashes but CPU does not. -Additional information: -This bug is discovered by research conducted by KAIST SoftSec. |