summary refs log tree commit diff stats
path: root/gitlab/issues/target_i386/host_missing/accel_TCG/1377.toml
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues/target_i386/host_missing/accel_TCG/1377.toml')
-rw-r--r--gitlab/issues/target_i386/host_missing/accel_TCG/1377.toml22
1 files changed, 22 insertions, 0 deletions
diff --git a/gitlab/issues/target_i386/host_missing/accel_TCG/1377.toml b/gitlab/issues/target_i386/host_missing/accel_TCG/1377.toml
new file mode 100644
index 000000000..c72ad8494
--- /dev/null
+++ b/gitlab/issues/target_i386/host_missing/accel_TCG/1377.toml
@@ -0,0 +1,22 @@
+id = 1377
+title = "x86 CVT* series instructions fault"
+state = "closed"
+created_at = "2022-12-16T08:22:41.339Z"
+closed_at = "2023-10-02T09:21:23.485Z"
+labels = ["accel: TCG", "target: i386", "workflow::Patch available"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/1377"
+host-os = "Windows 10 20H2"
+host-arch = "x86"
+qemu-version = "7.1.90 (v7.2.0-rc0)"
+guest-os = "None"
+guest-arch = "x86"
+description = """For example, CVTSD2SS instruction converts SRC[63:0] double precision floating point to DEST[31:0] single precision floating point. Although the CVTSD2SS instruction uses only 8 bytes, if it overlaps page boundary, I think QEMU tries to access over the valid memory and crashes."""
+reproduce = """1. Compile this code
+```
+void main() {
+    mmap(0x555555559000, 0x1000, flag, ~~, 0);
+    asm("cvtsd2ss xmm1, qword ptr [0x555555559ff8]");
+}
+```
+2. Execute. QEMU crashes but CPU does not."""
+additional = """This bug is discovered by research conducted by KAIST SoftSec."""