diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-08 13:28:15 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-08 13:28:28 +0200 |
| commit | 5aa276efcbd67f4300ca1a7f809c6e00aadb03da (patch) | |
| tree | 9b8f0e074014cda8d42f5a97a95bc25082d8b764 /results/classifier/zero-shot-user-mode/instruction/1377 | |
| parent | 1a3c4faf4e0a25ed0b86e8739d5319a634cb9112 (diff) | |
| download | qemu-analysis-5aa276efcbd67f4300ca1a7f809c6e00aadb03da.tar.gz qemu-analysis-5aa276efcbd67f4300ca1a7f809c6e00aadb03da.zip | |
restructure results
Diffstat (limited to 'results/classifier/zero-shot-user-mode/instruction/1377')
| -rw-r--r-- | results/classifier/zero-shot-user-mode/instruction/1377 | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/results/classifier/zero-shot-user-mode/instruction/1377 b/results/classifier/zero-shot-user-mode/instruction/1377 new file mode 100644 index 000000000..049371876 --- /dev/null +++ b/results/classifier/zero-shot-user-mode/instruction/1377 @@ -0,0 +1,19 @@ +instruction: 0.901 +syscall: 0.049 +runtime: 0.049 + + +x86 CVT* series instructions fault +Description of problem: +For example, CVTSD2SS instruction converts SRC[63:0] double precision floating point to DEST[31:0] single precision floating point. Although the CVTSD2SS instruction uses only 8 bytes, if it overlaps page boundary, I think QEMU tries to access over the valid memory and crashes. +Steps to reproduce: +1. Compile this code +``` +void main() { + mmap(0x555555559000, 0x1000, flag, ~~, 0); + asm("cvtsd2ss xmm1, qword ptr [0x555555559ff8]"); +} +``` +2. Execute. QEMU crashes but CPU does not. +Additional information: +This bug is discovered by research conducted by KAIST SoftSec. |