summary refs log tree commit diff stats
path: root/results/classifier/105/instruction/1354529
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/105/instruction/1354529')
-rw-r--r--results/classifier/105/instruction/135452962
1 files changed, 62 insertions, 0 deletions
diff --git a/results/classifier/105/instruction/1354529 b/results/classifier/105/instruction/1354529
new file mode 100644
index 00000000..e5719bac
--- /dev/null
+++ b/results/classifier/105/instruction/1354529
@@ -0,0 +1,62 @@
+instruction: 0.849
+graphic: 0.780
+device: 0.740
+socket: 0.738
+semantic: 0.705
+network: 0.681
+vnc: 0.644
+boot: 0.560
+mistranslation: 0.414
+KVM: 0.393
+assembly: 0.306
+other: 0.243
+
+qemu-io: Assert failure on the fuzzed qcow2 image
+
+'qemu-io -c write' failed on the fuzzed image with missed refcount tables:
+
+Sequence:
+ 1. Unpack the attached archive, make a copy of test.img
+ 2. Put copy.img and backing_img.cow in the same directory
+ 3. Execute
+   qemu-io copy.img -c 'write 2856960 208896'
+
+Result: qemu-io was killed by SIGIOT with the reason:
+
+qemu-io: block/qcow2-cluster.c:910: handle_copied: Assertion `*host_offset == 0 
+|| offset_into_cluster(s, guest_offset) == offset_into_cluster(s, *host_offset)'
+ failed.
+
+qemu.git HEAD 2d591ce2aeebf
+
+
+
+Hi,
+
+The problem here is that an L2 table contains an offset which is not aligned on cluster boundaries. To turn the failed assertion into an EIO (and probably we also want to mark the image corrupt), we'd have to verify every single L2 entry when it is read.
+
+We can (and should) most certainly do that, but as it doesn't seem too urgent, it may take some time.
+
+Max
+
+Hi,
+
+This issue has been fixed in master (5f77ef69a195098baddfdc6d189f1b4a94587378):
+
+$ ./qemu-io copy.img -c 'write 2856960 208896'
+qcow2_free_clusters failed: Invalid argument
+qcow2_free_clusters failed: Invalid argument
+qcow2_free_clusters failed: Invalid argument
+qcow2_free_clusters failed: Invalid argument
+qcow2_free_clusters failed: Invalid argument
+qcow2_free_clusters failed: File too large
+qcow2_free_clusters failed: Invalid argument
+qcow2: Image is corrupt: Cannot free unaligned cluster 0xfffffffffffe00; further non-fatal corruption events will be suppressed
+qcow2_free_clusters failed: Invalid argument
+qcow2: Marking image as corrupt: Data cluster offset 0xfffffe00 unaligned (guest offset: 0x2e1000); further corruption events will be suppressed
+write failed: Input/output error
+
+Thanks for your report (and your fuzzer),
+
+Max
+