summary refs log tree commit diff stats
path: root/gitlab/issues/target_missing/host_missing/accel_missing/2758.toml
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2758.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_missing/2758.toml31
1 files changed, 31 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2758.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2758.toml
new file mode 100644
index 00000000..d60af86b
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_missing/2758.toml
@@ -0,0 +1,31 @@
+id = 2758
+title = "Out-of-bounds access smc91c111_readb()"
+state = "closed"
+created_at = "2024-12-31T07:03:52.888Z"
+closed_at = "2025-03-13T07:03:13.824Z"
+labels = ["Fuzzer", "Networking", "workflow::Patch available"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2758"
+host-os = "Ubuntu"
+host-arch = "x86_64"
+qemu-version = "commit 7c89e226f8"
+guest-os = "n/a"
+guest-arch = "ARM"
+description = """An out-of-bounds bug was triggered by my fuzzer.
+
+It looks like the code doesn't have boundary checks for `data`'s access.
+
+The error is `hw/net/smc91c111.c:605:24: runtime error: index 2048 out of bounds for type 'uint8_t[2048]' (aka 'unsigned char[2048]')`
+
+It's likely that the line 457 also needs a check."""
+reproduce = """```
+export QEMU_ARGS="-display none -machine accel=qtest, -m 512M -machine realview-eb"
+cat << EOF | ./qemu-system-arm $QEMU_ARGS -qtest /dev/null -qtest stdio
+writew 0x4e00000c 0x46084a4a
+writel 0x4e00000c 0x5c022fcc
+clock_step
+writel 0x4e000004 0x2fffa1b1
+clock_step
+readl 0x4e000008
+EOF
+```"""
+additional = """"""