summary refs log tree commit diff stats
path: root/results/classifier/zero-shot/118/i386/2845
blob: 13b5ea6f069bf5ec5f86b0bc8869f48117cd7e81 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

i386: 0.847
device: 0.812
PID: 0.684
performance: 0.678
graphic: 0.662
peripherals: 0.655
ppc: 0.655
virtual: 0.619
socket: 0.566
network: 0.547
vnc: 0.537
register: 0.536
x86: 0.516
VMM: 0.516
kernel: 0.514
architecture: 0.502
files: 0.490
arm: 0.485
risc-v: 0.483
hypervisor: 0.482
TCG: 0.466
boot: 0.461
permissions: 0.445
semantic: 0.418
mistranslation: 0.369
KVM: 0.339
debug: 0.277
user-level: 0.267
assembly: 0.115

memory leak in virtio-pci devices
Description of problem:
The Use-After-Free bug mentioned by #2440 **has not been solved**, but the same crash is not reproducable in the later versions. After reviewing the code, I found an initiailized address space `proxy->modern_cfg_mem_as` introduced by  [`55fa4be`](vscode-file://vscode-app/Applications/Visual%20Studio%20Code.app/Contents/Resources/app/out/vs/code/electron-sandbox/workbench/workbench.html "Inspect Commit Details") in `virtio_pci@hw/virtio/virtio-pci.c` will not be destroyed if the later realization is failed. 
This will cause memory leak of the device object, which has unused reference and will not be destroyed.

Relative Code in `virtio_pci_realize@virtio-pci.c`:

```c
/* subclasses can enforce modern, so do this unconditionally */
memory_region_init(&proxy->modern_bar, OBJECT(proxy), "virtio-pci",
                    /* PCI BAR regions must be powers of 2 */
                    pow2ceil(proxy->notify.offset + proxy->notify.size));

address_space_init(&proxy->modern_cfg_mem_as, &proxy->modern_bar,
                    "virtio-pci-cfg-mem-as");

if (proxy->disable_legacy == ON_OFF_AUTO_AUTO) {
    proxy->disable_legacy = pcie_port ? ON_OFF_AUTO_ON : ON_OFF_AUTO_OFF;
}
```
Steps to reproduce:
```bash
cat <<EOF | qemu-system-i386 -M q35 -nodefaults -chardev stdio,id=char0 -mon char0 -device pcie-pci-bridge,id=br1,bus=pcie.0
device_add virtio-net,failover=on,rx_queue_size=0,bus=br1,id=dev0
device_add virtio-net,failover=on,bus=br1,id=dev0
quit
EOF
```

**This will cause UAF report in version `9.0.2`, but will not in `9.2.0`,** despite the bug still existing in code.
Additional information:
For ASAN report, please refer to #2440.