summary refs log tree commit diff stats
path: root/gitlab/issues_text/target_missing/host_missing/accel_missing/1813
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/1813')
-rw-r--r--gitlab/issues_text/target_missing/host_missing/accel_missing/1813112
1 files changed, 0 insertions, 112 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/1813 b/gitlab/issues_text/target_missing/host_missing/accel_missing/1813
deleted file mode 100644
index a143de340..000000000
--- a/gitlab/issues_text/target_missing/host_missing/accel_missing/1813
+++ /dev/null
@@ -1,112 +0,0 @@
-FPE division by zero in scsi_disk_reset() [CVE-2023-42467]
-Description of problem:
-Got an FPE division by zero error when fuzzing the device am53c974.
-Steps to reproduce:
-Minimized reproducer for the error:
-
-```plaintext
-cat << EOF | ./qemu-system-x86_64 -display none -machine accel=qtest, -m 512M -device \
-am53c974,id=scsi -device scsi-hd,drive=disk0 -drive \
-id=disk0,if=none,file=null-co://,format=raw -nodefaults -qtest /dev/null\
- -qtest stdio
-outl 0xcf8 0x80001010
-outl 0xcfc 0xc000
-outl 0xcf8 0x80001004
-outw 0xcfc 0x05
-outl 0xc047 0x065a9d01
-write 0x65a9d 0x1 0x15
-write 0x65a9e 0x1 0x10
-write 0x65aa0 0x1 0x08
-write 0x65aa1 0x1 0x0c
-write 0x65aa7 0x1 0x01
-outl 0xc03d 0x03000000
-outl 0xc00a 0xc10000
-outl 0xc03d 0x03000000
-outl 0xc00a 0xc10000
-outl 0xc00b 0x9000
-outl 0xc00b 0x0300
-EOF
-```
-Additional information:
-The crash report triggered by the reproducer is:
-
-```plaintext
-[I 0.000000] OPENED
-[R +0.024387] outl 0xcf8 0x80001010
-[S +0.024420] OK
-OK
-[R +0.024470] outl 0xcfc 0xc000
-[S +0.024490] OK
-OK
-[R +0.024513] outl 0xcf8 0x80001004
-[S +0.024521] OK
-OK
-[R +0.024527] outw 0xcfc 0x05
-[S +0.022723] OK
-OK
-[R +0.022734] outl 0xc047 0x065a9d01
-[S +0.022742] OK
-OK
-[R +0.022747] write 0x65a9d 0x1 0x15
-[S +0.022932] OK
-OK
-[R +0.022941] write 0x65a9e 0x1 0x10
-[S +0.022947] OK
-OK
-[R +0.022952] write 0x65aa0 0x1 0x08
-[S +0.022958] OK
-OK
-[R +0.022965] write 0x65aa1 0x1 0x0c
-[S +0.022973] OK
-OK
-[R +0.022983] write 0x65aa7 0x1 0x01
-[S +0.022991] OK
-OK
-[R +0.023004] outl 0xc03d 0x03000000
-[S +0.023014] OK
-OK
-[R +0.023021] outl 0xc00a 0xc10000
-[S +0.023048] OK
-OK
-[R +0.023056] outl 0xc03d 0x03000000
-[S +0.023065] OK
-OK
-[R +0.023072] outl 0xc00a 0xc10000
-[S +0.023128] OK
-OK
-[R +0.023141] outl 0xc00b 0x9000
-[S +0.023159] OK
-OK
-[R +0.023166] outl 0xc00b 0x0300
-../hw/scsi/scsi-disk.c:2351:16: runtime error: division by zero
-SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/scsi/scsi-disk.c:2351:16 in
-AddressSanitizer:DEADLYSIGNAL
-=================================================================
-==1208622==ERROR: AddressSanitizer: FPE on unknown address 0x558e9c0a9386 (pc 0x558e9c0a9386 bp 0x7ffcc04aaf50 sp 0x7ffcc04aaec0 T0)
-    #0 0x558e9c0a9386 in scsi_disk_reset ../hw/scsi/scsi-disk.c:2351:16
-    #1 0x558e9cf23f23 in resettable_phase_hold ../hw/core/resettable.c
-    #2 0x558e9cf0a861 in bus_reset_child_foreach ../hw/core/bus.c:97:13
-    #3 0x558e9cf23c05 in resettable_phase_hold ../hw/core/resettable.c:173:5
-    #4 0x558e9cf21b69 in resettable_assert_reset ../hw/core/resettable.c:60:5
-    #5 0x558e9cf217aa in resettable_reset ../hw/core/resettable.c:45:5
-    #6 0x558e9c0facd7 in esp_reg_write ../hw/scsi/esp.c:1075:13
-    #7 0x558e9c10d74d in esp_pci_io_write ../hw/scsi/esp-pci.c:214:9
-    #8 0x558e9cd7df23 in memory_region_write_accessor ../softmmu/memory.c:493:5
-    #9 0x558e9cd7d6aa in access_with_adjusted_size ../softmmu/memory.c:569:18
-    #10 0x558e9cd7ca50 in memory_region_dispatch_write ../softmmu/memory.c
-    #11 0x558e9cdc6fbf in flatview_write_continue ../softmmu/physmem.c:2653:23
-    #12 0x558e9cdbe463 in flatview_write ../softmmu/physmem.c:2695:12
-    #13 0x558e9cdbe177 in address_space_write ../softmmu/physmem.c:2791:18
-    #14 0x558e9cd70208 in cpu_outl ../softmmu/ioport.c:85:5
-    #15 0x558e9c4f0e76 in qtest_process_command ../softmmu/qtest.c:485:13
-    #16 0x558e9c4ef95b in qtest_process_inbuf ../softmmu/qtest.c:788:9
-    #17 0x558e9d3201a6 in fd_chr_read ../chardev/char-fd.c:72:9
-    #18 0x7f974a7c904d in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5204d) (BuildId: 5fdb313daf182a33a858ba2cc945211b11d34561)
-    #19 0x558e9d58d40f in glib_pollfds_poll ../util/main-loop.c:290:9
-    #20 0x558e9d58d40f in os_host_main_loop_wait ../util/main-loop.c:313:5
-    #21 0x558e9d58d40f in main_loop_wait ../util/main-loop.c:592:11
-    #22 0x558e9c4fcf76 in qemu_main_loop ../softmmu/runstate.c:732:9
-    #23 0x558e9cf06835 in qemu_default_main ../softmmu/main.c:37:14
-    #24 0x7f97495f0082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
-    #25 0x558e9b6e809d in _start (./qemu-system-x86_64+0x1e9109d)
-```