summary refs log tree commit diff stats
path: root/results/classifier/118/review/1911839
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/review/1911839')
-rw-r--r--results/classifier/118/review/1911839133
1 files changed, 133 insertions, 0 deletions
diff --git a/results/classifier/118/review/1911839 b/results/classifier/118/review/1911839
new file mode 100644
index 000000000..316512262
--- /dev/null
+++ b/results/classifier/118/review/1911839
@@ -0,0 +1,133 @@
+user-level: 0.937
+peripherals: 0.901
+register: 0.897
+device: 0.891
+performance: 0.876
+risc-v: 0.871
+mistranslation: 0.857
+hypervisor: 0.857
+virtual: 0.845
+permissions: 0.843
+architecture: 0.826
+graphic: 0.813
+boot: 0.812
+arm: 0.805
+assembly: 0.798
+semantic: 0.789
+x86: 0.782
+vnc: 0.775
+network: 0.761
+TCG: 0.756
+files: 0.753
+ppc: 0.750
+VMM: 0.742
+debug: 0.724
+i386: 0.718
+socket: 0.718
+KVM: 0.718
+kernel: 0.706
+PID: 0.655
+--------------------
+i386: 0.998
+x86: 0.989
+debug: 0.698
+kernel: 0.444
+assembly: 0.213
+device: 0.172
+user-level: 0.164
+virtual: 0.145
+files: 0.090
+PID: 0.058
+network: 0.057
+TCG: 0.051
+hypervisor: 0.035
+performance: 0.031
+VMM: 0.021
+semantic: 0.020
+register: 0.019
+KVM: 0.016
+boot: 0.014
+risc-v: 0.012
+ppc: 0.011
+architecture: 0.010
+socket: 0.006
+permissions: 0.006
+graphic: 0.006
+peripherals: 0.002
+vnc: 0.002
+mistranslation: 0.001
+arm: 0.001
+
+[OSS-Fuzz] Issue 29586 e1000e: Memcpy-param-overlap in flatview_write_continue
+
+=== Reproducer ===
+cat << EOF | ./qemu-system-i386 -M q35 -accel qtest \
+-qtest stdio -nographic -nodefaults -device \
+e1000e,netdev=net0 -netdev user,id=net0 
+outl 0xcf8 0x80000811
+outl 0xcfc 0x5ac600
+outl 0xcf8 0x80000801
+outl 0xcfc 0x26000000
+write 0x5ac60100 0x4 0x56000302
+write 0x5ac6011a 0x2 0x1006
+write 0x5ac60120 0x1 0x25
+write 0x5ac6042a 0x2 0x4048
+write 0x5ac60431 0x1 0x04
+write 0x4240 0x1 0xff
+write 0x4241 0x1 0x01
+write 0x4249 0x1 0xf5
+write 0x1ff 0x1 0x11
+write 0x5ac60401 0x1 0x12
+write 0x5ac6043a 0x2 0x3000
+write 0x5ac60112 0x2 0xf090
+write 0x5ac60430 0x1 0x0
+write 0x239 0x1 0xff
+write 0x2bb 0x1 0x41
+write 0x9531 0x1 0xff
+write 0x9532 0x1 0xff
+write 0x9533 0x1 0xff
+write 0x9534 0x1 0xff
+write 0x9535 0x1 0xff
+write 0x9536 0x1 0xff
+write 0x9537 0x1 0xff
+write 0x5ac60403 0x1 0x12
+EOF
+
+=== Stack Trace ===
+==1364==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x7f90b7e00025,0x7f90b7e00604) and [0x7f90b7e00225, 0x7f90b7e00804) overlap
+#0 __asan_memcpy /src/llvm-project/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cpp:22:3
+#1 flatview_write_continue /src/qemu/softmmu/physmem.c:2764:13
+#2 flatview_write /src/qemu/softmmu/physmem.c:2799:14
+#3 address_space_write /src/qemu/softmmu/physmem.c:2891:18
+#4 address_space_rw /src/qemu/softmmu/physmem.c:2901:16
+#5 dma_memory_rw_relaxed /src/qemu/include/sysemu/dma.h:88:12
+#6 dma_memory_rw /src/qemu/include/sysemu/dma.h:127:12
+#7 pci_dma_rw /src/qemu/include/hw/pci/pci.h:801:12
+#8 pci_dma_write /src/qemu/include/hw/pci/pci.h:837:12
+#9 e1000e_write_to_rx_buffers /src/qemu/hw/net/e1000e_core.c:1405:9
+#10 e1000e_write_packet_to_guest /src/qemu/hw/net/e1000e_core.c:1575:21
+#11 e1000e_receive_iov /src/qemu/hw/net/e1000e_core.c:1702:9
+#12 e1000e_nc_receive_iov /src/qemu/hw/net/e1000e.c:214:12
+#13 net_tx_pkt_sendv /src/qemu/hw/net/net_tx_pkt.c:556:9
+#14 net_tx_pkt_send /src/qemu/hw/net/net_tx_pkt.c:633:9
+#15 net_tx_pkt_send_loopback /src/qemu/hw/net/net_tx_pkt.c:646:11
+#16 e1000e_tx_pkt_send /src/qemu/hw/net/e1000e_core.c:657:16
+#17 e1000e_process_tx_desc /src/qemu/hw/net/e1000e_core.c:736:17
+#18 e1000e_start_xmit /src/qemu/hw/net/e1000e_core.c:927:9
+#19 e1000e_set_tctl /src/qemu/hw/net/e1000e_core.c:2424:9
+#20 e1000e_core_write /src/qemu/hw/net/e1000e_core.c:3256:9
+#21 e1000e_mmio_write /src/qemu/hw/net/e1000e.c:110:5
+#22 memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
+#23 access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
+#24 memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
+#25 flatview_write_continue /src/qemu/softmmu/physmem.c:2759:23
+#26 flatview_write /src/qemu/softmmu/physmem.c:2799:14
+#27 address_space_write /src/qemu/softmmu/physmem.c:2891:18
+#28 __wrap_qtest_writeq /src/qemu/tests/qtest/fuzz/qtest_wrappers.c:187:9
+#29 op_write /src/qemu/tests/qtest/fuzz/generic_fuzz.c:479:13
+#30 generic_fuzz /src/qemu/tests/qtest/fuzz/generic_fuzz.c:681:17
+
+OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29586
+
+This is still reproducible with the current git version (commit 7fe7fae8b48e3f9c647fd685e5155ebc8e6fb84d) and clang with ASAN enabled.
+