diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-06-01 21:35:14 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-06-01 21:35:14 +0200 |
| commit | 3e4c5a6261770bced301b5e74233e7866166ea5b (patch) | |
| tree | 9379fddaba693ef8a045da06efee8529baa5f6f4 /gitlab/issues_text/target_missing/host_missing/accel_missing/2268 | |
| parent | e5634e2806195bee44407853c4bf8776f7abfa4f (diff) | |
| download | qemu-analysis-3e4c5a6261770bced301b5e74233e7866166ea5b.tar.gz qemu-analysis-3e4c5a6261770bced301b5e74233e7866166ea5b.zip | |
clean up repository
Diffstat (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/2268')
| -rw-r--r-- | gitlab/issues_text/target_missing/host_missing/accel_missing/2268 | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/2268 b/gitlab/issues_text/target_missing/host_missing/accel_missing/2268 deleted file mode 100644 index 55e66a0d6..000000000 --- a/gitlab/issues_text/target_missing/host_missing/accel_missing/2268 +++ /dev/null @@ -1,43 +0,0 @@ -Out of bounds access in smc91c111_readb() -Description of problem: -I detected an out-of-bounds access in smc91c111_readb with my fuzzer. - -Stack trace (part):\ -`hw/net/smc91c111.c:607:24: runtime error: index 175 out of bounds for`\ -`type 'uint8_t[4][2048]' (aka 'unsigned char[4][2048]')`\ -`SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior`\ -`hw/net/smc91c111.c:607:24 in`\ -`AddressSanitizer:DEADLYSIGNAL`\ -`==============================`<wbr>`==============================`<wbr>`=====`\ -`==397944==ERROR: AddressSanitizer: SEGV on unknown address`\ -`0x629000077db4 (pc 0x56272aed3b8d bp 0x7ffd1471f290 sp 0x7ffd1471ea20`\ -`T0)`\ -`==397944==The signal is caused by a READ memory access.`\ - `#0 0x56272aed3b8d in smc91c111_readb hw/net/smc91c111.c:607:24`\ - `#1 0x56272aecfd61 in smc91c111_readfn hw/net/smc91c111.c:650:16`\ - `#2 0x56272d4b228b in memory_region_read_accessor system/memory.c:445:11`\ - `#3 0x56272d46fb85 in access_with_adjusted_size system/memory.c:573:18`\ - `#4 0x56272d46c58e in memory_region_dispatch_read1 system/memory.c:1426:16`\ - `#5 0x56272d46bcd7 in memory_region_dispatch_read system/memory.c:1459:9`\ - `#6 0x56272d4e8e03 in flatview_read_continue_step system/physmem.c:2794:18`\ - `#7 0x56272d4e871e in flatview_read_continue system/physmem.c:2835:19`\ - `#8 0x56272d4e98b8 in flatview_read system/physmem.c:2865:12`\ - `#9 0x56272d4e9388 in address_space_read_full system/physmem.c:2878:18`\ - `#10 0x56272d6e7840 in address_space_read include/exec/memory.h:3026:18`\ -`...`\ -Bug analysis: I found s-\>packet_num = 175 at line 599. -Steps to reproduce: -Reproducer:\ -export QEMU_ARGS="-display none -machine accel=qtest, -m 512M -machine\ -mainstone"\ -cat \<\< EOF | ./qemu-system-arm $QEMU_ARGS -qtest /dev/null -qtest stdio\ -outl 0xcf8 0x80000010\ -outl 0xcfc 0x10000300\ -outl 0xcf8 0x80000004\ -outl 0xcfc 0x07\ -writel 0x1000030c 0x66027cd6\ -writel 0x10000300 0x64af8eda\ -readw 0x10000308\ -EOF -Additional information: -Ack: Chuhong Yuan (hslester96@gmail.com) |