summary refs log tree commit diff stats
path: root/gitlab/issues_text/target_missing/host_missing/accel_missing/2268
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/2268')
-rw-r--r--gitlab/issues_text/target_missing/host_missing/accel_missing/226843
1 files changed, 0 insertions, 43 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/2268 b/gitlab/issues_text/target_missing/host_missing/accel_missing/2268
deleted file mode 100644
index 55e66a0d6..000000000
--- a/gitlab/issues_text/target_missing/host_missing/accel_missing/2268
+++ /dev/null
@@ -1,43 +0,0 @@
-Out of bounds access in smc91c111_readb()
-Description of problem:
-I detected an out-of-bounds access in smc91c111_readb with my fuzzer.
-
-Stack trace (part):\
-`hw/net/smc91c111.c:607:24: runtime error: index 175 out of bounds for`\
-`type 'uint8_t[4][2048]' (aka 'unsigned char[4][2048]')`\
-`SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior`\
-`hw/net/smc91c111.c:607:24 in`\
-`AddressSanitizer:DEADLYSIGNAL`\
-`==============================`<wbr>`==============================`<wbr>`=====`\
-`==397944==ERROR: AddressSanitizer: SEGV on unknown address`\
-`0x629000077db4 (pc 0x56272aed3b8d bp 0x7ffd1471f290 sp 0x7ffd1471ea20`\
-`T0)`\
-`==397944==The signal is caused by a READ memory access.`\
-    `#0 0x56272aed3b8d in smc91c111_readb hw/net/smc91c111.c:607:24`\
-    `#1 0x56272aecfd61 in smc91c111_readfn hw/net/smc91c111.c:650:16`\
-    `#2 0x56272d4b228b in memory_region_read_accessor system/memory.c:445:11`\
-    `#3 0x56272d46fb85 in access_with_adjusted_size system/memory.c:573:18`\
-    `#4 0x56272d46c58e in memory_region_dispatch_read1 system/memory.c:1426:16`\
-    `#5 0x56272d46bcd7 in memory_region_dispatch_read system/memory.c:1459:9`\
-    `#6 0x56272d4e8e03 in flatview_read_continue_step system/physmem.c:2794:18`\
-    `#7 0x56272d4e871e in flatview_read_continue system/physmem.c:2835:19`\
-    `#8 0x56272d4e98b8 in flatview_read system/physmem.c:2865:12`\
-    `#9 0x56272d4e9388 in address_space_read_full system/physmem.c:2878:18`\
-    `#10 0x56272d6e7840 in address_space_read include/exec/memory.h:3026:18`\
-`...`\
-Bug analysis: I found s-\>packet_num = 175 at line 599.
-Steps to reproduce:
-Reproducer:\
-export QEMU_ARGS="-display none -machine accel=qtest, -m 512M -machine\
-mainstone"\
-cat \<\< EOF | ./qemu-system-arm $QEMU_ARGS -qtest /dev/null -qtest stdio\
-outl 0xcf8 0x80000010\
-outl 0xcfc 0x10000300\
-outl 0xcf8 0x80000004\
-outl 0xcfc 0x07\
-writel 0x1000030c 0x66027cd6\
-writel 0x10000300 0x64af8eda\
-readw 0x10000308\
-EOF
-Additional information:
-Ack: Chuhong Yuan (hslester96@gmail.com)