| author | Christian Krinitsin <mail@krinitsin.com> | 2025-06-30 12:24:58 +0000 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-06-30 12:27:06 +0000 |
| commit | 33606b41d35115f887ea688b1a16f2ff85bf2fe4 (patch) | |
| tree | 406b2c7b19a087ba437c68f3dbf0b589fa1d6150 /results/scraper/launchpad-without-comments/1907497 | |
| parent | adedf8771bc4de3113041ca21bd4d0d1c0014b6a (diff) | |
add launchpad bug reports without comments
Diffstat (limited to 'results/scraper/launchpad-without-comments/1907497')
| -rw-r--r-- | results/scraper/launchpad-without-comments/1907497 | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1907497 b/results/scraper/launchpad-without-comments/1907497
new file mode 100644
index 00000000..ffac6fa8
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/1907497
@@ -0,0 +1,58 @@
+[OSS-Fuzz] Issue 28435 qemu:qemu-fuzz-i386-target-generic-fuzz-intel-hda: Stack-overflow in ldl_le_dma
+
+ affects qemu
+
+=== Reproducer (build with --enable-sanitizers) ===
+
+cat << EOF | ./qemu-system-i386 -machine q35 -nodefaults \
+-device intel-hda,id=hda0 -device hda-output,bus=hda0.0 \
+-device hda-micro,bus=hda0.0 -device hda-duplex,bus=hda0.0 \
+-qtest stdio
+outl 0xcf8 0x80000804
+outw 0xcfc 0xffff
+write 0x0 0x1 0x12
+write 0x2 0x1 0x2f
+outl 0xcf8 0x80000811
+outl 0xcfc 0x5a6a4406
+write 0x6a44005a 0x1 0x11
+write 0x6a44005c 0x1 0x3f
+write 0x6a442050 0x4 0x0000446a
+write 0x6a44204a 0x1 0xf3
+write 0x6a44204c 0x1 0xff
+writeq 0x6a44005a 0x17b3f0011
+write 0x6a442050 0x4 0x0000446a
+write 0x6a44204a 0x1 0xf3
+write 0x6a44204c 0x1 0xff
+EOF
+
+=== Stack Trace ===
+==411958==ERROR: AddressSanitizer: stack-overflow on address 0x7ffcaeb8bc88 (pc 0x55c7c9dc1159 bp 0x7ffcaeb8c4d0 sp 0x7ffcaeb8bc90 T0)
+ #0 0x55c7c9dc1159 in __asan_memcpy (u-system-i386+0x2a13159)
+ #1 0x55c7cb2a457e in flatview_do_translate softmmu/physmem.c:513:12
+ #2 0x55c7cb2bdab0 in flatview_translate softmmu/physmem.c:563:15
+ #3 0x55c7cb2bdab0 in flatview_read softmmu/physmem.c:2861:10
+ #4 0x55c7cb2bdab0 in address_space_read_full softmmu/physmem.c:2875:18
+ #5 0x55c7caaec937 in dma_memory_rw_relaxed include/sysemu/dma.h:87:18
+ #6 0x55c7caaec937 in dma_memory_rw include/sysemu/dma.h:110:12
+ #7 0x55c7caaec937 in dma_memory_read include/sysemu/dma.h:116:12
+ #8 0x55c7caaec937 in ldl_le_dma include/sysemu/dma.h:179:1
+ #9 0x55c7caaec937 in ldl_le_pci_dma include/hw/pci/pci.h:816:1
+ #10 0x55c7caaec937 in intel_hda_corb_run hw/audio/intel-hda.c:338:16
+ #11 0x55c7cb2e7198 in memory_region_write_accessor softmmu/memory.c:491:5
+ #12 0x55c7cb2e6bd3 in access_with_adjusted_size softmmu/memory.c:552:18
+ #13 0x55c7cb2e646c in memory_region_dispatch_write softmmu/memory.c
+ #14 0x55c7cb2c8445 in flatview_write_continue softmmu/physmem.c:2759:23
+ #15 0x55c7cb2bdfb8 in flatview_write softmmu/physmem.c:2799:14
+ #16 0x55c7cb2bdfb8 in address_space_write softmmu/physmem.c:2891:18
+ #17 0x55c7caae2c54 in dma_memory_rw_relaxed include/sysemu/dma.h:87:18
+ #18 0x55c7caae2c54 in dma_memory_rw include/sysemu/dma.h:110:12
+ #19 0x55c7caae2c54 in dma_memory_write include/sysemu/dma.h:122:12
+ #20 0x55c7caae2c54 in stl_le_dma include/sysemu/dma.h:179:1
+ #21 0x55c7caae2c54 in stl_le_pci_dma include/hw/pci/pci.h:816:1
+ #22 0x55c7caae2c54 in intel_hda_response hw/audio/intel-hda.c:370:5
+ #23 0x55c7caaeca00 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
+ #24 0x55c7cb2e7198 in memory_region_write_accessor softmmu/memory.c:491:5
+...
+
+OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28435
+ |