summary refs log tree commit diff stats
path: root/gitlab/issues_text/target_riscv/host_missing/accel_missing/1050
diff options
context:
space:
mode:
authorChristian Krinitsin <mail@krinitsin.com>2025-06-01 21:35:14 +0200
committerChristian Krinitsin <mail@krinitsin.com>2025-06-01 21:35:14 +0200
commit3e4c5a6261770bced301b5e74233e7866166ea5b (patch)
tree9379fddaba693ef8a045da06efee8529baa5f6f4 /gitlab/issues_text/target_riscv/host_missing/accel_missing/1050
parente5634e2806195bee44407853c4bf8776f7abfa4f (diff)
downloadqemu-analysis-3e4c5a6261770bced301b5e74233e7866166ea5b.tar.gz
qemu-analysis-3e4c5a6261770bced301b5e74233e7866166ea5b.zip
clean up repository
Diffstat (limited to 'gitlab/issues_text/target_riscv/host_missing/accel_missing/1050')
-rw-r--r--gitlab/issues_text/target_riscv/host_missing/accel_missing/105072


1 files changed, 0 insertions, 72 deletions
diff --git a/gitlab/issues_text/target_riscv/host_missing/accel_missing/1050 b/gitlab/issues_text/target_riscv/host_missing/accel_missing/1050
deleted file mode 100644
index 18be1c634..000000000
--- a/gitlab/issues_text/target_riscv/host_missing/accel_missing/1050
+++ /dev/null
@@ -1,72 +0,0 @@
-[BUG] heap-buffer-overflow in sifive_plic_create
-Description of problem:
-I run check-qtest-riscv64 in ubuntu20.04, and got a heap-buffer-overflow report with address sanitizer   
-HEAD: 7077fcb9b68f058809c9dd9fd1dacae1881e886c
-Steps to reproduce:
-run 
-`G_TEST_DBUS_DAEMON=/root/o/sources/qemu/tests/dbus-vmstate-daemon.sh QTEST_QEMU_IMG=./qemu-img MALLOC_PERTURB_=58 QTEST_QEMU_STORAGE_DAEMON_BINARY=./storage-daemon/qemu-storage-daemon QTEST_QEMU_BINARY=./qemu-system-riscv64 /root/o/sources/qemu/build/tests/qtest/test-hmp --tap -k`
-Additional information:
-I think is because on some conditions when after `j++(hw/intc/sifive_plic.c:458)`, it accesses `plic->addr_config[j](hw/intc/sifive_plic.c:463)`  and results in heap-overflow.  
-I tried to modify `hw/intc/sifive_plic.c:463` to else-if, then the report gone.  
-Could you please have a check.  
-```
-==63425==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000031624 at pc 0x561afe157d54 bp 0x7ffcd8aef510 sp 0x7ffcd8aef500
-READ of size 4 at 0x602000031624 thread T0
-    #0 0x561afe157d53 in sifive_plic_create ../hw/intc/sifive_plic.c:463
-    #1 0x561afdc0ac7f in sifive_e_soc_realize ../hw/riscv/sifive_e.c:207
-    #2 0x561afe6698fb in device_set_realized ../hw/core/qdev.c:531
-    #3 0x561afe679b90 in property_set_bool ../qom/object.c:2273
-    #4 0x561afe681c7f in object_property_set ../qom/object.c:1408
-    #5 0x561afe68b763 in object_property_set_qobject ../qom/qom-qobject.c:28
-    #6 0x561afe682535 in object_property_set_bool ../qom/object.c:1477
-    #7 0x561afdc0a601 in sifive_e_machine_init ../hw/riscv/sifive_e.c:91
-    #8 0x561afd34d608 in machine_run_board_init ../hw/core/machine.c:1427
-    #9 0x561afda49697 in qemu_init_board ../softmmu/vl.c:2610
-    #10 0x561afda49697 in qmp_x_exit_preconfig ../softmmu/vl.c:2706
-    #11 0x561afda49697 in qmp_x_exit_preconfig ../softmmu/vl.c:2699
-    #12 0x561afda504ee in qemu_init ../softmmu/vl.c:3737
-    #13 0x561afd1cf4ae in qemu_main ../softmmu/main.c:35
-    #14 0x561afd1cf4ae in main ../softmmu/main.c:45
-    #15 0x7f9d13bf3082 in __libc_start_main ../csu/libc-start.c:308
-    #16 0x561afd1de78d in _start (/root/o/sources/qemu/build/qemu-system-riscv64+0x271378d)
-
-0x602000031624 is located 8 bytes to the right of 12-byte region [0x602000031610,0x60200003161c)
-allocated by thread T0 here:
-    #0 0x7f9d15026808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
-    #1 0x7f9d14a84e98 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57e98)
-
-SUMMARY: AddressSanitizer: heap-buffer-overflow ../hw/intc/sifive_plic.c:463 in sifive_plic_create
-Shadow bytes around the buggy address:
-  0x0c047fffe270: fa fa 05 fa fa fa 07 fa fa fa 00 01 fa fa 07 fa
-  0x0c047fffe280: fa fa 05 fa fa fa 07 fa fa fa fd fa fa fa 02 fa
-  0x0c047fffe290: fa fa 00 01 fa fa fd fd fa fa fd fa fa fa fd fd
-  0x0c047fffe2a0: fa fa 00 02 fa fa 00 02 fa fa 05 fa fa fa 07 fa
-  0x0c047fffe2b0: fa fa 00 01 fa fa 07 fa fa fa 05 fa fa fa 07 fa
-=>0x0c047fffe2c0: fa fa 00 04[fa]fa 04 fa fa fa 00 00 fa fa 00 00
-  0x0c047fffe2d0: fa fa 00 00 fa fa fd fd fa fa 00 03 fa fa fd fd
-  0x0c047fffe2e0: fa fa 00 03 fa fa fd fd fa fa 00 03 fa fa fd fd
-  0x0c047fffe2f0: fa fa 00 03 fa fa fd fd fa fa 00 03 fa fa fd fd
-  0x0c047fffe300: fa fa 00 03 fa fa fd fd fa fa 00 03 fa fa fd fa
-  0x0c047fffe310: fa fa fd fd fa fa 00 03 fa fa fd fd fa fa 00 03
-Shadow byte legend (one shadow byte represents 8 application bytes):
-  Addressable:           00
-  Partially addressable: 01 02 03 04 05 06 07 
-  Heap left redzone:       fa
-  Freed heap region:       fd
-  Stack left redzone:      f1
-  Stack mid redzone:       f2
-  Stack right redzone:     f3
-  Stack after return:      f5
-  Stack use after scope:   f8
-  Global redzone:          f9
-  Global init order:       f6
-  Poisoned by user:        f7
-  Container overflow:      fc
-  Array cookie:            ac
-  Intra object redzone:    bb
-  ASan internal:           fe
-  Left alloca redzone:     ca
-  Right alloca redzone:    cb
-  Shadow gap:              cc
-==63425==ABORTING
-```