summary refs log tree commit diff stats
path: root/results/classifier/118/none/1905444
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/none/1905444')
-rw-r--r--results/classifier/118/none/190544484
1 files changed, 84 insertions, 0 deletions
diff --git a/results/classifier/118/none/1905444 b/results/classifier/118/none/1905444
new file mode 100644
index 000000000..829c021e3
--- /dev/null
+++ b/results/classifier/118/none/1905444
@@ -0,0 +1,84 @@
+user-level: 0.771
+register: 0.759
+graphic: 0.698
+peripherals: 0.692
+mistranslation: 0.692
+device: 0.681
+TCG: 0.675
+virtual: 0.669
+architecture: 0.669
+performance: 0.666
+permissions: 0.665
+ppc: 0.663
+hypervisor: 0.658
+KVM: 0.647
+arm: 0.645
+risc-v: 0.624
+network: 0.623
+assembly: 0.618
+debug: 0.618
+socket: 0.614
+semantic: 0.611
+vnc: 0.610
+boot: 0.606
+VMM: 0.603
+files: 0.600
+PID: 0.597
+i386: 0.575
+x86: 0.534
+kernel: 0.524
+
+[OSS-Fuzz] Issue 27796 in oss-fuzz: qemu:qemu-fuzz-i386-target-generic-fuzz-xhci: Stack-overflow in address_space_stl_internal
+
+ affects qemu
+
+OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27796
+
+=== Reproducer (build with --enable-sanitizers) ===
+cat << EOF | ./qemu-system-i386 -display none  -machine accel=qtest, \
+-m 512M -machine q35 -nodefaults \
+-drive file=null-co://,if=none,format=raw,id=disk0 \
+-device qemu-xhci,id=xhci -device usb-tablet,bus=xhci.0 \
+-qtest-log none -qtest stdio
+outl 0xcf8 0x80000803
+outw 0xcfc 0x5e46
+outl 0xcf8 0x80000810
+outl 0xcfc 0xff5a5e46
+write 0xff5a5020 0x6 0xffffffff0b70
+outl 0xcf8 0x80000893
+outb 0xcfc 0x93
+writel 0xff5a7000 0xff5a5020
+write 0xff5a700c 0x4 0x0c0c2e58
+write 0xff5a4040 0x4 0x00d26001
+write 0xff5a4044 0x4 0x0000030
+EOF
+
+=== Stack Trace ===
+==50473==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe3ec97e28 (pc 0x55e292eac159 bp 0x7ffe3ec98670 sp 0x7ffe3ec97e30 T0)
+#0 0x55e292eac159 in __asan_memcpy (u-system-i386+0x2a0e159)
+#1 0x55e2944bc04e in flatview_do_translate softmmu/physmem.c:513:12
+#2 0x55e2944dbe90 in flatview_translate softmmu/physmem.c:563:15
+#3 0x55e2944dbe90 in address_space_translate include/exec/memory.h:2362:12
+#4 0x55e2944dbe90 in address_space_stl_internal memory_ldst.c.inc:316:10
+#5 0x55e29393d2a0 in xhci_intr_update hw/usb/hcd-xhci.c:554:13
+#6 0x55e29393efb9 in xhci_runtime_write hw/usb/hcd-xhci.c:3032:9
+#7 0x55e294230428 in memory_region_write_accessor softmmu/memory.c:484:5
+#8 0x55e29422fe63 in access_with_adjusted_size softmmu/memory.c:545:18
+#9 0x55e29422f6fc in memory_region_dispatch_write softmmu/memory.c
+#10 0x55e2944dc03c in address_space_stl_internal memory_ldst.c.inc:319:13
+#11 0x55e29393d2a0 in xhci_intr_update hw/usb/hcd-xhci.c:554:13
+#12 0x55e29393efb9 in xhci_runtime_write hw/usb/hcd-xhci.c:3032:9
+#13 0x55e294230428 in memory_region_write_accessor softmmu/memory.c:484:5
+#14 0x55e29422fe63 in access_with_adjusted_size softmmu/memory.c:545:18
+#15 0x55e29422f6fc in memory_region_dispatch_write softmmu/memory.c
+#16 0x55e2944dc03c in address_space_stl_internal memory_ldst.c.inc:319:13
+#17 0x55e29393d2a0 in xhci_intr_update hw/usb/hcd-xhci.c:554:13
+#18 0x55e29393efb9 in xhci_runtime_write hw/usb/hcd-xhci.c:3032:9
+
+
+As mentioned by Alexander here:
+https://lists.gnu.org/archive/html/qemu-devel/2021-05/msg08637.html
+this has likely been fixed by this commit here:
+https://gitlab.com/qemu-project/qemu/-/commit/3c6151cd11ae7e4a7dae10f8c17ab1fe2f0a73bf
+... thus I'm marking this as fixed now. If it occurs again, please open a new ticket in the Gitlab bug tracker. Thanks!
+