summary refs log tree commit diff stats
path: root/gitlab/issues_text/target_missing/host_missing/accel_missing/2296
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/2296')
-rw-r--r--gitlab/issues_text/target_missing/host_missing/accel_missing/229697
1 files changed, 0 insertions, 97 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/2296 b/gitlab/issues_text/target_missing/host_missing/accel_missing/2296
deleted file mode 100644
index 752d1a637..000000000
--- a/gitlab/issues_text/target_missing/host_missing/accel_missing/2296
+++ /dev/null
@@ -1,97 +0,0 @@
-heap-buffer-overflow in virtio-sound
-Description of problem:
-The following log reveals it:
-
-```
-==3191578==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000068620 at pc 0x55dadcde4ec5 bp 0x7ffe7f18aef0 sp 0x7ffe7f18aee0
-READ of size 8 at 0x602000068620 thread T0
-    #0 0x55dadcde4ec4 in virtio_snd_handle_rx_xfer ../hw/audio/virtio-snd.c:988
-    #1 0x55daddffbf5e in virtio_queue_notify ../hw/virtio/virtio.c:2296
-    #2 0x55dadd6cff4a in virtio_pci_notify_write ../hw/virtio/virtio-pci.c:1721
-    #3 0x55dade0ab336 in memory_region_write_accessor ../system/memory.c:497
-    #4 0x55dade0af3d0 in access_with_adjusted_size ../system/memory.c:573
-    #5 0x55dade0b5032 in memory_region_dispatch_write ../system/memory.c:1528
-    #6 0x55dade0ebb62 in flatview_write_continue_step ../system/physmem.c:2713
-    #7 0x55dade0ebfb2 in flatview_write_continue ../system/physmem.c:2743
-    #8 0x55dade0ebfb2 in flatview_write ../system/physmem.c:2774
-    #9 0x55dade0edd58 in address_space_write ../system/physmem.c:2894
-    #10 0x55dadd809972 in qtest_process_command ../system/qtest.c:679
-    #11 0x55dadd80c3e2 in qtest_process_inbuf ../system/qtest.c:811
-    #12 0x55dade6e79a4 in fd_chr_read ../chardev/char-fd.c:72
-    #13 0x7f79b0d29c43 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55c43)
-    #14 0x55dade998bcf in glib_pollfds_poll ../util/main-loop.c:287
-    #15 0x55dade998bcf in os_host_main_loop_wait ../util/main-loop.c:310
-    #16 0x55dade998bcf in main_loop_wait ../util/main-loop.c:589
-    #17 0x55dadd810e00 in qemu_main_loop ../system/runstate.c:783
-    #18 0x55dade2b703a in qemu_default_main ../system/main.c:37
-    #19 0x7f79afe29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
-    #20 0x7f79afe29e3f in __libc_start_main_impl ../csu/libc-start.c:392
-    #21 0x55dadcb5a284 in _start (/home/joey/repo/qemu/build/qemu-system-x86_64+0x2ef6284)
-
-0x602000068620 is located 0 bytes to the right of 16-byte region [0x602000068610,0x602000068620)
-allocated by thread T0 here:
-    #0 0x7f79b18b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154
-    #1 0x7f79b0d32c50 in g_malloc0 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5ec50)
-    #2 0x55dadebf5847  (/home/joey/repo/qemu/build/qemu-system-x86_64+0x4f91847)
-
-SUMMARY: AddressSanitizer: heap-buffer-overflow ../hw/audio/virtio-snd.c:988 in virtio_snd_handle_rx_xfer
-Shadow bytes around the buggy address:
-  0x0c0480005070: fa fa 05 fa fa fa 07 fa fa fa 00 01 fa fa 07 fa
-  0x0c0480005080: fa fa 05 fa fa fa 07 fa fa fa 00 03 fa fa fd fd
-  0x0c0480005090: fa fa fd fd fa fa fd fd fa fa fd fd fa fa 00 06
-  0x0c04800050a0: fa fa 00 00 fa fa 00 00 fa fa 00 01 fa fa 05 fa
-  0x0c04800050b0: fa fa 00 03 fa fa 00 03 fa fa 00 01 fa fa 00 05
-=>0x0c04800050c0: fa fa 00 00[fa]fa 00 00 fa fa 00 04 fa fa 00 00
-  0x0c04800050d0: fa fa fd fd fa fa fd fd fa fa fd fa fa fa fd fa
-  0x0c04800050e0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
-  0x0c04800050f0: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
-  0x0c0480005100: fa fa fd fd fa fa fd fa fa fa fd fa fa fa fd fa
-  0x0c0480005110: fa fa fd fa fa fa fd fa fa fa fd fa fa fa fd fa
-Shadow byte legend (one shadow byte represents 8 application bytes):
-  Addressable:           00
-  Partially addressable: 01 02 03 04 05 06 07
-  Heap left redzone:       fa
-  Freed heap region:       fd
-  Stack left redzone:      f1
-  Stack mid redzone:       f2
-  Stack right redzone:     f3
-  Stack after return:      f5
-  Stack use after scope:   f8
-  Global redzone:          f9
-  Global init order:       f6
-  Poisoned by user:        f7
-  Container overflow:      fc
-  Array cookie:            ac
-  Intra object redzone:    bb
-  ASan internal:           fe
-  Left alloca redzone:     ca
-  Right alloca redzone:    cb
-  Shadow gap:              cc
-```
-Steps to reproduce:
-```
-cat << EOF | qemu-system-x86_64 -display none \
--machine accel=qtest -m 512M -machine q35 -device \
-virtio-sound,audiodev=my_audiodev,streams=2 -audiodev \
-alsa,id=my_audiodev -qtest stdio
-outl 0xcf8 0x80001804
-outw 0xcfc 0x06
-outl 0xcf8 0x80001820
-outl 0xcfc 0xe0008000
-write 0xe0008016 0x1 0x03
-write 0xe0008020 0x4 0x00901000
-write 0xe0008028 0x4 0x00a01000
-write 0xe000801c 0x1 0x01
-write 0xe000a004 0x1 0x40
-write 0x10c000 0x1 0x02
-write 0x109001 0x1 0xc0
-write 0x109002 0x1 0x10
-write 0x109008 0x1 0x04
-write 0x10a002 0x1 0x01
-write 0xe000b00d 0x1 0x00
-EOF
-```
-
-# Possible Fix
-
-check the user-assigned value in virtio_snd_set_config()