Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2780.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_missing/2780.toml25
1 files changed, 25 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2780.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2780.toml
new file mode 100644
index 00000000..21596146
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_missing/2780.toml
@@ -0,0 +1,25 @@
+id = 2780
+title = "Out-of-bounds access in smc91c111_receive()"
+state = "closed"
+created_at = "2025-01-17T06:10:03.904Z"
+closed_at = "2025-02-17T08:25:14.195Z"
+labels = ["Fuzzer", "Networking", "workflow::Patch available"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2780"
+host-os = "Ubuntu 24.04"
+host-arch = "x86_64"
+qemu-version = "commit 4d5d933bb"
+guest-os = "n/a"
+guest-arch = "ARM"
+description = """An out-of-bounds access happens at hw/net/smc91c111.c:705.
+
+`hw/net/smc91c111.c:705:5: runtime error: index -1 out of bounds for type 'int[4]'`"""
+reproduce = """```
+export QEMU_ARGS="-display none -machine accel=qtest, -m 512M -machine realview-eb"
+cat << EOF | ./qemu-system-arm $QEMU_ARGS -qtest /dev/null -qtest stdio
+writew 0x4e000005 0x227
+writel 0x4e00000b 0x25ab1f2
+writew 0x4e000000 0xaa6c
+clock_step
+EOF
+```"""
+additional = """"""
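Review bot: The record is filed under `target_missing/host_missing/accel_missing`, yet the new file itself carries `guest-arch = "ARM"` and `host-arch = "x86_64"`, and the reproducer runs `qemu-system-arm` with `accel=qtest`. If the directory names are meant to reflect those fields (an inference from the path; the classification logic is not visible here), this fuzzer-found out-of-bounds report lands in the catch-all bucket and is easy to miss when triaging by target. Either place the file under the buckets matching those values or add a leading comment such as `# classification: target/host/accel not derived from guest-arch/host-arch` so the mismatch is clearly intentional.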