| author | Christian Krinitsin <mail@krinitsin.com> | 2025-05-30 16:52:07 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-05-30 16:52:17 +0200 |
| commit | 9260319e7411ff8281700a532caa436f40120ec4 (patch) | |
| tree | 2f6bfe5f3458dd49d328d3a9eb508595450adec0 /gitlab/issues_text/target_missing/host_missing/accel_missing/1102 | |
| parent | 225caa38269323af1bfc2daadff5ec8bd930747f (diff) | |
| download | qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.tar.gz qemu-analysis-9260319e7411ff8281700a532caa436f40120ec4.zip | |
gitlab scraper: download in toml and text format
Diffstat (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/1102')
| -rw-r--r-- | gitlab/issues_text/target_missing/host_missing/accel_missing/1102 | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/1102 b/gitlab/issues_text/target_missing/host_missing/accel_missing/1102 new file mode 100644 index 000000000..ef455a73b --- /dev/null +++ b/gitlab/issues_text/target_missing/host_missing/accel_missing/1102 
@@ -0,0 +1,38 @@ +qemu-user: zero_bss might raise segfault when segment is not writable +Description of problem: +When a PT_LOAD segment with the following attributes presented in the user program, +* MemSiz > FileSiz +* NOT Writable + +qemu-aarch64 will crash with segment fault running it. + + + + +in [linux-user/elfload.c: bss_zero](https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/elfload.c#L2097), the exceeded part is zero'ed without checking if it is writable +``` + if (host_start < host_map_start) { + memset((void *)host_start, 0, host_map_start - host_start); + } +``` +Steps to reproduce: +1. ./qemu-aarch64 ./X.so +Additional information: +readelf output of X.so +``` +Program Headers: + Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align + PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040 0x0000000000000230 0x0000000000000230 R E 0x8 + LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000110270 0x00000000001c94e0 R E 0x10000 + LOAD 0x0000000000129bd0 0x00000000001d9bd0 0x00000000001d9bd0 0x0000000000000438 0x00000000000004c0 RW 0x10000 + LOAD 0x000000000013a008 0x00000000001ea008 0x00000000001ea008 0x0000000000017bd0 0x0000000000017bd0 RW 0x10000 + LOAD 0x0000000000161bd8 0x0000000000211bd8 0x0000000000211bd8 0x000000000000f740 0x000000000000f740 RW 0x10000 + DYNAMIC 0x0000000000161e60 0x0000000000211e60 0x0000000000211e60 0x00000000000001e0 0x00000000000001e0 RW 0x8 + INTERP 0x0000000000089410 0x0000000000089410 0x0000000000089410 0x0000000000000015 0x0000000000000015 R 0x1 + [Requesting program interpreter: /system/bin/linker64] + NOTE 0x000000000013dbc8 0x00000000001edbc8 0x00000000001edbc8 0x0000000000000011 0x0000000000000011 R 0x1 + GNU_EH_FRAME 0x00000000001c86a4 0x00000000001c86a4 0x00000000001c86a4 0x00000000000002dc 0x00000000000002dc R 0x4 + GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 RW 0x10 +``` + +X.so: 
https://drive.google.com/file/d/1A7mkWRcK2BKkpeevt8T6FVLg-t6mWdgi/view?usp=sharing |
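Review bot: the new file lands under target_missing even though the issue body names the target directly ("qemu-aarch64 will crash", "./qemu-aarch64 ./X.so"), so the scraper's target classifier is not matching the qemu-<arch> binary name in free text; consider adding that pattern to the classifier so this record files under an aarch64 linux-user bucket (accel_missing is correct here, since qemu-user has no accelerator). Two smaller points on the stored text: the source link points at master#L2097, which will drift as elfload.c changes, so resolving such links to a commit-pinned URL at scrape time would keep the reference meaningful; and the only copy of the reproducer X.so is an external Google Drive link, so the record holds the readelf output of a binary the corpus itself does not contain.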