path: root/results/scraper/launchpad-without-comments/786208
author: Christian Krinitsin <mail@krinitsin.com> 2025-06-30 12:24:58 +0000
committer: Christian Krinitsin <mail@krinitsin.com> 2025-06-30 12:27:06 +0000
commit: 33606b41d35115f887ea688b1a16f2ff85bf2fe4 (patch)
tree: 406b2c7b19a087ba437c68f3dbf0b589fa1d6150 /results/scraper/launchpad-without-comments/786208
parent: adedf8771bc4de3113041ca21bd4d0d1c0014b6a (diff)
download: qemu-analysis-33606b41d35115f887ea688b1a16f2ff85bf2fe4.tar.gz
download: qemu-analysis-33606b41d35115f887ea688b1a16f2ff85bf2fe4.zip
add launchpad bug reports without comments
Diffstat (limited to 'results/scraper/launchpad-without-comments/786208')
-rw-r--r-- results/scraper/launchpad-without-comments/786208 | 9
1 files changed, 9 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/786208 b/results/scraper/launchpad-without-comments/786208
new file mode 100644
index 000000000..8c72fc567
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/786208
@@ -0,0 +1,9 @@
+Missing checks for non-existent device in ide_exec_cmd
+
+Several calls in the ide_exec_cmd handler are missing checks for (!s->bs) or similar, resulting in NULL pointer dereferences, divide-by-zero, or possibly other badness if the guest performs operations on a non-existent IDE master.
+
+For example, the WIN_READ_NATIVE_MAX command does a 'ide_set_sector(s, s->nb_sectors - 1);', which does 'cyl = sector_num / (s->heads * s->sectors);', which will fail with a divide-by-zero if heads = sectors = 0.
+
+And WIN_MULTREAD also does not check for s->bs, but does a 'ide_sector_read(s);', which will do 'bdrv_read(s->bs, sector_num, s->io_buffer, n);' on a NULL s->bs, leading to a segfault.
+
+I do not *believe* that a malicious guest can do anything more than cause a crash with these bugs.
\ No newline at end of file
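Review bot: the scraped record carries only the free-text body of the report; it has no bug number, reporter, date, affected version or status line, so the file name 786208 is the only thing tying the text back to its Launchpad bug, and a later analysis pass cannot tell which QEMU revision the described ide_exec_cmd behaviour applies to. Consider prepending a small header to each scraped file (at minimum the bug id and the report date) in the same format across the launchpad-without-comments directory. Also, the file is written without a trailing newline ("\ No newline at end of file"); line-oriented tools that process this corpus (grep -c, wc -l, awk) will miscount or mis-join the last line, so the scraper should terminate the body with "\n". On the content itself, the report's own claims are worth preserving verbatim for the analysis: it names two concrete paths where s->bs is not checked (WIN_READ_NATIVE_MAX reaching a divide by s->heads * s->sectors, and WIN_MULTREAD reaching bdrv_read on a NULL s->bs) and the reporter's own assessment that the impact is limited to a guest-triggered crash; nothing in the hunk should be normalised or reflowed in a way that loses those identifiers.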