summary refs log tree commit diff stats
path: root/results/classifier/118/graphic/1355697
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/graphic/1355697')
-rw-r--r--results/classifier/118/graphic/135569781
1 files changed, 81 insertions, 0 deletions
diff --git a/results/classifier/118/graphic/1355697 b/results/classifier/118/graphic/1355697
new file mode 100644
index 000000000..2f14ffc08
--- /dev/null
+++ b/results/classifier/118/graphic/1355697
@@ -0,0 +1,81 @@
+graphic: 0.863
+semantic: 0.766
+performance: 0.762
+user-level: 0.735
+device: 0.734
+architecture: 0.719
+PID: 0.714
+permissions: 0.692
+kernel: 0.670
+hypervisor: 0.666
+VMM: 0.644
+socket: 0.642
+vnc: 0.638
+ppc: 0.632
+KVM: 0.627
+TCG: 0.623
+register: 0.619
+network: 0.619
+files: 0.617
+x86: 0.601
+peripherals: 0.567
+i386: 0.564
+boot: 0.552
+risc-v: 0.548
+assembly: 0.523
+arm: 0.502
+mistranslation: 0.480
+virtual: 0.475
+debug: 0.472
+
+qemu-img: Segfault on a fuzzed image with large values of L1/L2 entries
+
+'qemu-img check -r all/leaks' failed with a segmentation fault on the fuzzed image with L1/L2 entry values having UINT64 border values.
+
+Sequence:
+ 1. Unpack the attached archive, make a copy of test.img
+ 2. Put copy.img and backing_img.raw in the same directory
+ 3. Execute
+   
+qemu-img check -f qcow2 -r all copy.img
+
+Result: qemu-img was killed by SIGSEGV.
+
+The qemu-img execution log can be found in the attached archive.
+
+
+qemu.git HEAD 2d591ce2aeebf
+
+
+
+Hi,
+
+This issue has at least been partially fixed in master (5f77ef69a195098baddfdc6d189f1b4a94587378):
+
+$ ./qemu-img check -f qcow2 -r all copy.img
+Warning: cluster offset=0xfffffffffe0000 is after the end of the image file, can't properly check refcounts.
+Warning: cluster offset=0x100000000000000 is after the end of the image file, can't properly check refcounts.
+ERROR l2_offset=fffffffffffe00: Table is not cluster aligned; L1 entry corrupted
+Repairing cluster 0 refcount=0 reference=1
+Repairing cluster 1 refcount=0 reference=1
+qcow2: Marking image as corrupt: Preventing invalid write on metadata (overlaps with refcount table); further corruption events will be suppressed
+Repairing cluster 21 refcount=0 reference=1
+
+4 errors were found on the image.
+Data may be corrupted, or further writes to the image may corrupt it.
+
+2 internal errors have occurred during the check.
+Image end offset: 2883584
+
+I'm still working towards the repair function actually doing its job.
+
+Thank you for your report,
+
+Max
+
+Hi,
+
+Okay, so this image has the same “issue” (it's intentionally broken, so it's not really an issue) as the one in bug 1355738: There are corrupted L2 entries which are impossible for qemu to repair. Therefore, we could only ask the user to use qemu-img convert and that's all we can do. Therefore, I'm marking this fixed as well.
+
+Max
+