1 files changed, 0 insertions, 61 deletions

diff --git a/results/classifier/deepseek-2-tmp/output/device/1435973 b/results/classifier/deepseek-2-tmp/output/device/1435973
deleted file mode 100644
index 3e0a8a27..00000000
--- a/results/classifier/deepseek-2-tmp/output/device/1435973
+++ /dev/null
@@ -1,61 +0,0 @@
-
-Qemu crash when a guest linux issues specific scsi command via ioctl(SG_IO) with SCSI disk emulation.
-
-As of git revision 362ca922eea03240916287a8a6267801ab095d12, when guest linux issues specifit scsi command, qemu crashes.
-
-To reproduce.
-
-1. launch qemu with scsi emulatoin
-qemu-sysytem-i386.exe -kernel bzImage -drive file=rootfs.ext2,index=0,if=scsi -append root=/dev/sda -drive file=\\.\PhysicalDrive1,index=1,if=scsi
-2. issues scsi command via ioctl(SG_IO) on guest linux. like below.
-
--------------------------
-struct request_sense sens;
-struct sg_io_hdr sg;
-unsigned char cdb[6];
-unsigned char buf[127];
-
-memset( &sens, 0, sizeof(sens) );
-memset(&sg, 0, sizeof(sg));
-memset(cdb, 0, sizeof(cdb));
-memset(buf, 0, sizeof(buf));
-
-// qemu crash!!!
-cdb[0] = 0xff;
-
-sg.dxferp = buf;
-sg.dxfer_len = sizeof(buf);
-sg.dxfer_direction = SG_DXFER_FROM_DEV;
-sg.flags = 0;
-sg.interface_id = 'S';
-sg.cmdp = cdb;
-sg.cmd_len = sizeof( cdb );
-sg.sbp = (unsigned char*)&sens;
-sg.mx_sb_len = sizeof( sens );
-
-ioctl( fd, SG_IO, &sg );
--------------------------
-
-I think cause is below code.
-
-scsi-bus.c L1239
-int scsi_req_parse_cdb(SCSIDevice *dev, SCSICommand *cmd, uint8_t *buf)
-{
-    int rc;
-
-    cmd->lba = -1;
-    cmd->len = scsi_cdb_length(buf);
-    ...
-    memcpy(cmd->buf, buf, cmd->len);
-}
-
-scsi_cdb_length(buf) returns -1 when buf[0] is unexpected value.
-Then memcpy(cmd->buf, buf, 4294967295); is executed and crash.
-
-Environment
-Qemu: git revision 362ca922eea03240916287a8a6267801ab095d12
-Guest: linux kernel 3.18.4 + buildroot
-Host: Windows 7 64bit
-
-Thanks,
-hiroaki
\ No newline at end of file