From 4b927bc37359dec23f67d3427fc982945f24f404 Mon Sep 17 00:00:00 2001 From: Christian Krinitsin Date: Wed, 21 May 2025 21:21:26 +0200 Subject: add gitlab issues in toml format --- .../host_missing/accel_missing/2268.toml | 51 ++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 gitlab/issues/target_missing/host_missing/accel_missing/2268.toml (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2268.toml') diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2268.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2268.toml new file mode 100644 index 00000000..8cce9e0f --- /dev/null +++ b/gitlab/issues/target_missing/host_missing/accel_missing/2268.toml @@ -0,0 +1,51 @@ +id = 2268 +title = "Out of bounds access in smc91c111_readb()" +state = "closed" +created_at = "2024-04-06T01:19:43.809Z" +closed_at = "2024-04-10T17:55:02.119Z" +labels = ["Fuzzer", "Networking", "Stable::to backport", "workflow::Patch available"] +url = "https://gitlab.com/qemu-project/qemu/-/issues/2268" +host-os = "Ubuntu 20.04" +host-arch = "x86_64" +qemu-version = "commit fea445e8fe9acea4f" +guest-os = "Ubuntu 20.04" +guest-arch = "arm" +description = """I detected an out-of-bounds access in smc91c111_readb with my fuzzer. + +Stack trace (part):\\ +`hw/net/smc91c111.c:607:24: runtime error: index 175 out of bounds for`\\ +`type 'uint8_t[4][2048]' (aka 'unsigned char[4][2048]')`\\ +`SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior`\\ +`hw/net/smc91c111.c:607:24 in`\\ +`AddressSanitizer:DEADLYSIGNAL`\\ +`==============================``==============================``=====`\\ +`==397944==ERROR: AddressSanitizer: SEGV on unknown address`\\ +`0x629000077db4 (pc 0x56272aed3b8d bp 0x7ffd1471f290 sp 0x7ffd1471ea20`\\ +`T0)`\\ +`==397944==The signal is caused by a READ memory access.`\\ +    `#0 0x56272aed3b8d in smc91c111_readb hw/net/smc91c111.c:607:24`\\ +    `#1 0x56272aecfd61 in smc91c111_readfn hw/net/smc91c111.c:650:16`\\ +    `#2 0x56272d4b228b in memory_region_read_accessor system/memory.c:445:11`\\ +    `#3 0x56272d46fb85 in access_with_adjusted_size system/memory.c:573:18`\\ +    `#4 0x56272d46c58e in memory_region_dispatch_read1 system/memory.c:1426:16`\\ +    `#5 0x56272d46bcd7 in memory_region_dispatch_read system/memory.c:1459:9`\\ +    `#6 0x56272d4e8e03 in flatview_read_continue_step system/physmem.c:2794:18`\\ +    `#7 0x56272d4e871e in flatview_read_continue system/physmem.c:2835:19`\\ +    `#8 0x56272d4e98b8 in flatview_read system/physmem.c:2865:12`\\ +    `#9 0x56272d4e9388 in address_space_read_full system/physmem.c:2878:18`\\ +    `#10 0x56272d6e7840 in address_space_read include/exec/memory.h:3026:18`\\ +`...`\\ +Bug analysis: I found s-\\>packet_num = 175 at line 599.""" +reproduce = """Reproducer:\\ +export QEMU_ARGS="-display none -machine accel=qtest, -m 512M -machine\\ +mainstone"\\ +cat \\<\\< EOF | ./qemu-system-arm $QEMU_ARGS -qtest /dev/null -qtest stdio\\ +outl 0xcf8 0x80000010\\ +outl 0xcfc 0x10000300\\ +outl 0xcf8 0x80000004\\ +outl 0xcfc 0x07\\ +writel 0x1000030c 0x66027cd6\\ +writel 0x10000300 0x64af8eda\\ +readw 0x10000308\\ +EOF""" +additional = """Ack: Chuhong Yuan (hslester96@gmail.com)""" -- cgit 1.4.1