path: root/results/classifier/gemma3:27b/runtime/1812
Diffstat (limited to '')
-rw-r--r--  results/classifier/gemma3:27b/runtime/1812     28
-rw-r--r--  results/classifier/gemma3:27b/runtime/1812451  17
-rw-r--r--  results/classifier/gemma3:27b/runtime/1812861  25
3 files changed, 70 insertions, 0 deletions
diff --git a/results/classifier/gemma3:27b/runtime/1812 b/results/classifier/gemma3:27b/runtime/1812
new file mode 100644
index 00000000..014e2dbf
--- /dev/null
+++ b/results/classifier/gemma3:27b/runtime/1812
@@ -0,0 +1,28 @@
+
+
+
+older programs running under qemu-aarch64 segfaults
+Description of problem:
+Numerous aarch64 programs segfaults when run under qemu-aarch64.
+Steps to reproduce:
+1. Install an arm64 chroot (with working qemu-aarch64 binfmt_misc setup):
+```
+debootstrap --variant=minbase --arch=arm64 jessie /tmp/jessie-arm64/ http://archive.debian.org/debian
+or
+debootstrap --variant=minbase --arch=arm64 xenial /tmp/xenial-arm64/ http://ports.ubuntu.com/
+```
+2. build qemu-aarch64; cp qemu-aarch64 /tmp/jessie-arm64/
+3. chroot /tmp/jessie-arm64/
+4. ./qemu-aarch64 /bin/ls
+```
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+Segmentation fault 
+```
+Additional information:
+Old userspace (eg Debian jessie, Ubuntu xenial) does not work within qemu 8.1-rc2 aarch64 linux-user emulation, since commit 59b6b42cd3446862567637f3a7ab31d69c9bef51 .  My guess is that old userspace isn't prepared for recent CPU features, but it still smells strange.
+
+Not all programs segfaults. dash works, ls or bash does not.
+
+A chroot is easier in this case, since many old programs don't run inside current environment, like asserting while reading locale-specific information.  To run debootstrap and to enter the resulting chroot, a working qemu-aarch64 binfmt_misc setup is needed.
+
+Reverting the mentioned commit makes everything work again.
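Review bot: the new file 1812 opens with three empty lines before the issue text, which reads as empty title or metadata fields being emitted by the export step; either drop them or write out the fields they stand for. As committed, the file carries only the verbatim issue body, so nothing in results/classifier/gemma3:27b/runtime/1812 records whether "runtime" is the label gemma3:27b assigned or a ground-truth bucket, nor any confidence score, and the result cannot be audited from the file alone. Consider a header line (issue id, predicted label, score) or a sidecar index that documents the category scheme.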
diff --git a/results/classifier/gemma3:27b/runtime/1812451 b/results/classifier/gemma3:27b/runtime/1812451
new file mode 100644
index 00000000..208d03c3
--- /dev/null
+++ b/results/classifier/gemma3:27b/runtime/1812451
@@ -0,0 +1,17 @@
+
+
+
+In windows host, tftp arbitrary file read vulnerability
+
+https://github.com/qemu/qemu/blob/master/slirp/tftp.c#L343
+
+  if (!strncmp(req_fname, "../", 3) ||
+      req_fname[strlen(req_fname) - 1] == '/' ||
+      strstr(req_fname, "/../")) {
+      tftp_send_error(spt, 2, "Access violation", tp);
+      return;
+  }
+
+There are file path check for not allowing escape tftp directory.
+But, in windows, file path is separated by "\" backslash.
+So, guest can read arbitrary file in Windows host.
\ No newline at end of file
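Review bot: the report stored in 1812451 is a path-traversal finding (arbitrary file read) against the slirp tftp server on Windows hosts, where the quoted check rejects only a leading "../", a "/../" substring and a trailing "/", so a "..\" component passes; filing it under the runtime bucket looks like a misclassification, or the category scheme needs documenting so a reviewer can tell a crash report from a security report. Separately, this file ends without a trailing newline (the "\ No newline at end of file" marker) while 1812 ends with one; have the writer append a final newline so later edits diff cleanly.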
diff --git a/results/classifier/gemma3:27b/runtime/1812861 b/results/classifier/gemma3:27b/runtime/1812861
new file mode 100644
index 00000000..6acdc2c3
--- /dev/null
+++ b/results/classifier/gemma3:27b/runtime/1812861
@@ -0,0 +1,25 @@
+
+
+
+QEMU in user-mode emulation mode crashes when the user program jumps to an invalid address
+
+Running this code:
+
+void (*func)() = 0x12345678;
+
+int main()
+{
+    func();
+    return 0;
+}
+
+Produces the following output:
+
+qemu-arm-static: /build/qemu-DqynNa/qemu-2.8+dfsg/translate-all.c:175: tb_lock: Assertion `!have_tb_lock' failed.
+qemu-arm-static: /build/qemu-DqynNa/qemu-2.8+dfsg/translate-all.c:175: tb_lock: Assertion `!have_tb_lock' failed.
+Segmentation fault
+
+The expected result is as follows:
+
+qemu: uncaught target signal 11 (Segmentation fault) - core dumped
+Segmentation fault
\ No newline at end of file
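Review bot: 1812861 again starts with three blank lines and again lacks a trailing newline, so the serialization is inconsistent with 1812; emit the final newline from the export script rather than depending on whether the issue body had one. The body itself (two tb_lock assertion failures in qemu-arm-static 2.8 followed by a host segfault when the guest jumps to 0x12345678, where a guest SIGSEGV is the expected result) is a genuine runtime crash, so the label is consistent for this file.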