Diffstat (limited to 'results/classifier/118/device/1581308')
| -rw-r--r-- | results/classifier/118/device/1581308 | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/results/classifier/118/device/1581308 b/results/classifier/118/device/1581308 new file mode 100644 index 00000000..d5fc939d --- /dev/null +++ b/results/classifier/118/device/1581308 @@ -0,0 +1,55 @@ +x86: 0.992 +architecture: 0.976 +device: 0.966 +peripherals: 0.946 +ppc: 0.934 +vnc: 0.918 +graphic: 0.893 +PID: 0.861 +network: 0.823 +i386: 0.820 +kernel: 0.789 +KVM: 0.788 +files: 0.772 +socket: 0.753 +performance: 0.722 +register: 0.713 +boot: 0.711 +permissions: 0.706 +VMM: 0.688 +user-level: 0.680 +risc-v: 0.676 +TCG: 0.658 +mistranslation: 0.650 +semantic: 0.645 +hypervisor: 0.608 +arm: 0.594 +virtual: 0.551 +debug: 0.477 +assembly: 0.197 + +ohci doesn't check the 'num-ports' property + +command: +qemu-system-x86_64 -m 1024 -enable-kvm /root/centos6.img -enable-kvm -device pci-ohci,num-ports=100,masterbus=1 + +The ohci doesn't check the 'num-ports' property and would case an out-of-bands write,crash the qemu process. + + ohci->num_ports = num_ports; + if (masterbus) { + USBPort *ports[OHCI_MAX_PORTS]; + for(i = 0; i < num_ports; i++) { + ports[i] = &ohci->rhport[i].port; + } + +The version of qemu is 2.6.0 release from +http://wiki.qemu-project.org/download/qemu-2.6.0.tar.bz2 + +I was able to reproduce the crash, and proposed now a fix on the qemu-devel mailing list (see https://patchwork.ozlabs.org/patch/625092/ for details) + +The fix has been included in the repository: + +http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d400fc018b326104d26 + +Thanks for reporting the issue! + |
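Review bot: The new file is stored under results/classifier/118/device/, but the score block at the top of the hunk ranks two other labels higher (x86: 0.992, architecture: 0.976) than device: 0.966. If the directory is meant to be the top-scoring category, this placement needs a second look. If a different selection rule applies (for example, some labels are excluded from directory selection), that rule should be documented next to the results so the placement can be checked. A smaller point on the same file: the score list and the verbatim bug report are separated only by a blank line, so a consumer has to guess where the scores end. An explicit delimiter or a fixed header would make the file safer to parse.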