diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-06-01 21:35:14 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-06-01 21:35:14 +0200 |
| commit | 3e4c5a6261770bced301b5e74233e7866166ea5b (patch) | |
| tree | 9379fddaba693ef8a045da06efee8529baa5f6f4 /gitlab/issues_text/target_missing/host_missing/accel_missing/2274 | |
| parent | e5634e2806195bee44407853c4bf8776f7abfa4f (diff) | |
| download | qemu-analysis-3e4c5a6261770bced301b5e74233e7866166ea5b.tar.gz qemu-analysis-3e4c5a6261770bced301b5e74233e7866166ea5b.zip | |
clean up repository
Diffstat (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/2274')
| -rw-r--r-- | gitlab/issues_text/target_missing/host_missing/accel_missing/2274 | 43 |
1 files changed, 0 insertions, 43 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/2274 b/gitlab/issues_text/target_missing/host_missing/accel_missing/2274 deleted file mode 100644 index a80c587dd..000000000 --- a/gitlab/issues_text/target_missing/host_missing/accel_missing/2274 +++ /dev/null @@ -1,43 +0,0 @@ -Assertion failuer in cryptodev_builtin_close_session() -Description of problem: -In the function _cryptodev_builtin_close_session(),_ an assertation happened: - -``` -qemu-fuzz-x86_64: qemu/backends/cryptodev-builtin.c:430: int cryptodev_builtin_close_session(CryptoDevBackend *, uint64_t, uint32_t, CryptoDevCompletionFunc, void *): Assertion `session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]' failed. -==1256139== ERROR: libFuzzer: deadly signal - #9 0x71acb8c2871a in __assert_fail_base assert/./assert/assert.c:92:3 - #10 0x71acb8c39e95 in __assert_fail assert/./assert/assert.c:101:3 - #11 0x5af7f624b12b in cryptodev_builtin_close_session qemu/backends/cryptodev-builtin.c:430:5 - #12 0x5af7f60b2860 in virtio_crypto_handle_close_session qemu/hw/virtio/virtio-crypto.c:262:12 - #13 0x5af7f60b2860 in virtio_crypto_handle_ctrl qemu/hw/virtio/virtio-crypto.c:423:19 -``` - -The user could send an invalid session_id to trigger this assertion. -Steps to reproduce: -Here's a simple PoC: - -``` -cat << EOF | qemu-system-x86_64 -display none\ - -machine accel=qtest -m 512M -machine q35 -nodefaults -object \ -cryptodev-backend-builtin,id=cryptodev0 -device \ -virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 -qtest stdio -outl 0xcf8 0x80000804 -outw 0xcfc 0x06 -outl 0xcf8 0x80000820 -outl 0xcfc 0xe0008000 -write 0x10800e 0x1 0x01 -write 0xe0008016 0x1 0x01 -write 0xe0008020 0x4 0x00801000 -write 0xe0008028 0x4 0x00c01000 -write 0xe000801c 0x1 0x01 -write 0x110000 0x1 0x05 -write 0x110001 0x1 0x04 -write 0x108002 0x1 0x11 -write 0x108008 0x1 0x48 -write 0x10800c 0x1 0x01 -write 0x108018 0x1 0x10 -write 0x10801c 0x1 0x02 -write 0x10c002 0x1 0x01 -write 0xe000b005 0x1 0x00 -EOF -``` |