blob: 68af44abe93c70a280224aa34f0cc32b87a57791 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
|
<think>
Okay, I need to classify the given bug report for QEMU into one of the provided categories. Let's read through the report carefully.
The user describes that when a guest Linux system issues a specific SCSI command via ioctl(SG_IO), QEMU crashes. They provided steps to reproduce and pointed out where they think the issue lies in the code.
Looking at the code snippet from scsi-bus.c, line 1239: scsi_req_parse_cdb is called. The function calculates cmd->len using scsi_cdb_length(buf). If buf[0] is unexpected, this returns -1. Then memcpy uses that length, which becomes a large number (since in two's complement, -1 is all ones), leading to an overflow and crash.
The problem seems related to how SCSI commands are handled in QEMU. The category options include 'device' which covers hardware devices like SCSI emulation. This bug occurs during device I/O handling, so the appropriate category should be 'device'.
</think>
device
|