1 files changed, 108 insertions, 0 deletions

diff --git a/results/classifier/118/review/1902112 b/results/classifier/118/review/1902112
new file mode 100644
index 000000000..583ebc681
--- /dev/null
+++ b/results/classifier/118/review/1902112
@@ -0,0 +1,108 @@
+mistranslation: 0.800
+register: 0.797
+permissions: 0.789
+performance: 0.788
+user-level: 0.783
+device: 0.769
+files: 0.755
+risc-v: 0.753
+architecture: 0.738
+semantic: 0.727
+virtual: 0.718
+graphic: 0.711
+arm: 0.691
+debug: 0.686
+PID: 0.677
+assembly: 0.668
+boot: 0.657
+kernel: 0.631
+network: 0.610
+ppc: 0.581
+TCG: 0.576
+x86: 0.568
+socket: 0.563
+VMM: 0.556
+peripherals: 0.545
+i386: 0.527
+KVM: 0.525
+hypervisor: 0.523
+vnc: 0.505
+--------------------
+i386: 0.997
+x86: 0.995
+debug: 0.765
+hypervisor: 0.699
+virtual: 0.355
+kernel: 0.089
+user-level: 0.058
+files: 0.057
+device: 0.042
+performance: 0.026
+assembly: 0.026
+peripherals: 0.025
+PID: 0.023
+boot: 0.016
+TCG: 0.015
+register: 0.013
+semantic: 0.012
+architecture: 0.009
+socket: 0.007
+permissions: 0.005
+VMM: 0.004
+KVM: 0.004
+graphic: 0.004
+risc-v: 0.003
+ppc: 0.003
+network: 0.002
+vnc: 0.001
+mistranslation: 0.001
+arm: 0.000
+
+[OSS-Fuzz] Issue 26693: qemu:qemu-fuzz-i386-target-generic-fuzz-xhci: Index-out-of-bounds in xhci_runtime_write 
+
+OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26693
+
+=== Reproducer (build with --enable-sanitizers) ===
+export UBSAN_OPTIONS="print_stacktrace=1:silence_unsigned_overflow=1"
+cat << EOF | ./qemu-system-i386 -display none -machine\
+ accel=qtest, -m 512M -machine q35 -nodefaults -drive\
+ file=null-co://,if=none,format=raw,id=disk0 -device\
+ qemu-xhci,id=xhci -device usb-tablet,bus=xhci.0\
+ -device usb-bot -device usb-storage,drive=disk0\
+ -chardev null,id=cd0 -chardev null,id=cd1 -device\
+ usb-braille,chardev=cd0 -device usb-ccid -device\
+ usb-ccid -device usb-kbd -device usb-mouse -device\
+ usb-serial,chardev=cd1 -device usb-tablet -device\
+ usb-wacom-tablet -device usb-audio -qtest stdio
+outl 0xcf8 0x80000803
+outl 0xcfc 0x18caffff
+outl 0xcf8 0x80000810
+outl 0xcfc 0x555a2e46
+write 0x555a1004 0x4 0xe7b9aa7a
+EOF
+
+=== Stack Trace ===
+ 	
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../hw/usb/hcd-xhci.c:3012:30 in
+../hw/usb/hcd-xhci.c:3012:30: runtime error: index -1 out of bounds for type 'XHCIInterrupter [16]'
+#0 0x55bd2e97c8b0 in xhci_runtime_write /src/qemu/hw/usb/hcd-xhci.c:3012:30
+#1 0x55bd2edfdd13 in memory_region_write_accessor /src/qemu/softmmu/memory.c:484:5
+#2 0x55bd2edfdb14 in access_with_adjusted_size /src/qemu/softmmu/memory.c:545:18
+#3 0x55bd2edfd54b in memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
+#4 0x55bd2ed7fa46 in flatview_write_continue /src/qemu/softmmu/physmem.c:2767:23
+#5 0x55bd2ed7cac0 in flatview_write /src/qemu/softmmu/physmem.c:2807:14
+#6 0x55bd2ed7c9f8 in address_space_write /src/qemu/softmmu/physmem.c:2899:18
+#7 0x55bd2e85cf9b in __wrap_qtest_writeq /src/qemu/tests/qtest/fuzz/qtest_wrappers.c:187:9
+#8 0x55bd2e85b7b1 in op_write /src/qemu/tests/qtest/fuzz/generic_fuzz.c:476:13
+#9 0x55bd2e85a84c in generic_fuzz /src/qemu/tests/qtest/fuzz/generic_fuzz.c:678:17
+#10 0x55bd2e85dd6f in LLVMFuzzerTestOneInput /src/qemu/tests/qtest/fuzz/fuzz.c:150:5
+#11 0x55bd2e7e9661 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:595:15
+#12 0x55bd2e7d4732 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
+#13 0x55bd2e7da7ee in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:852:9
+#14 0x55bd2e8027d2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
+#15 0x7f3d153b783f in __libc_start_main
+
+ClusterFuzz testcase 5747786781556736 is verified as fixed in https://oss-fuzz.com/revisions?job=libfuzzer_ubsan_qemu&range=202011040616:202011060622
+
+Released with QEMU v5.2.0.
+