summary refs log tree commit diff stats
path: root/results/scraper/launchpad-without-comments/1890152
diff options
context:
space:
mode:
Diffstat (limited to 'results/scraper/launchpad-without-comments/1890152')
-rw-r--r--results/scraper/launchpad-without-comments/189015255
1 files changed, 55 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1890152 b/results/scraper/launchpad-without-comments/1890152
new file mode 100644
index 00000000..0fb7f3f3
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/1890152
@@ -0,0 +1,55 @@
+malloc 0xff0000030 bytes with vmxnet3
+
+Hello,
+This reproducer causes vmxnet3 to malloc 0xff0000030 bytes
+
+cat << EOF | ./i386-softmmu/qemu-system-i386 \
+-device vmxnet3 -m 64 -nodefaults -qtest stdio -nographic 
+outl 0xcf8 0x80001014
+outl 0xcfc 0xe0001000
+outl 0xcf8 0x80001018
+outl 0xcf8 0x80001004
+outw 0xcfc 0x7
+write 0x0 0x1 0xe1
+write 0x1 0x1 0xfe
+write 0x2 0x1 0xbe
+write 0x3 0x1 0xba
+write 0x3e 0x1 0x05
+write 0x28 0x1 0xe1
+write 0x29 0x1 0xfe
+write 0x2a 0x1 0xff
+write 0x2b 0x1 0xff
+write 0x2c 0x1 0xff
+write 0x2d 0x1 0xff
+write 0x2e 0x1 0xff
+write 0x2f 0x1 0xff
+write 0x31c 0x1 0xff
+writeq 0xe0001020 0xef0bff5ecafe0000
+EOF
+
+
+
+=================================================================
+==25727==ERROR: AddressSanitizer: allocator is out of memory trying to allocate 0xff0000030 bytes
+    #0 0x56476a43731d in malloc (/home/alxndr/Development/qemu/general-fuzz/build/i386-softmmu/qemu-system-i386+0x2bba31d)
+    #1 0x7fca345a8500 in g_malloc (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x54500)
+    #2 0x56476c616312 in vmxnet3_activate_device /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1504:5
+    #3 0x56476c6101ba in vmxnet3_handle_command /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1576:9
+    #4 0x56476c60d30f in vmxnet3_io_bar1_write /home/alxndr/Development/qemu/general-fuzz/hw/net/vmxnet3.c:1772:9
+    #5 0x56476b11d383 in memory_region_write_accessor /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:483:5
+    #6 0x56476b11c827 in access_with_adjusted_size /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:544:18
+    #7 0x56476b11a446 in memory_region_dispatch_write /home/alxndr/Development/qemu/general-fuzz/softmmu/memory.c:1466:16
+    #8 0x56476a4cb696 in flatview_write_continue /home/alxndr/Development/qemu/general-fuzz/exec.c:3176:23
+    #9 0x56476a4b3eb6 in flatview_write /home/alxndr/Development/qemu/general-fuzz/exec.c:3216:14
+    #10 0x56476a4b39d7 in address_space_write /home/alxndr/Development/qemu/general-fuzz/exec.c:3308:18
+    #11 0x56476b1c4614 in qtest_process_command /home/alxndr/Development/qemu/general-fuzz/softmmu/qtest.c:452:13
+    #12 0x56476b1bbc18 in qtest_process_inbuf /home/alxndr/Development/qemu/general-fuzz/softmmu/qtest.c:710:9
+    #13 0x56476b1ba8a5 in qtest_read /home/alxndr/Development/qemu/general-fuzz/softmmu/qtest.c:722:5
+    #14 0x56476e063f03 in qemu_chr_be_write_impl /home/alxndr/Development/qemu/general-fuzz/chardev/char.c:188:9
+    #15 0x56476e064087 in qemu_chr_be_write /home/alxndr/Development/qemu/general-fuzz/chardev/char.c:200:9
+    #16 0x56476e078373 in fd_chr_read /home/alxndr/Development/qemu/general-fuzz/chardev/char-fd.c:68:9
+    #17 0x56476e1cc734 in qio_channel_fd_source_dispatch /home/alxndr/Development/qemu/general-fuzz/io/channel-watch.c:84:12
+    #18 0x7fca345a2897 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e897)
+
+
+-Alex
\ No newline at end of file