summary refs log tree commit diff stats
path: root/results/scraper/launchpad-without-comments/1892761
diff options
context:
space:
mode:
Diffstat (limited to 'results/scraper/launchpad-without-comments/1892761')
-rw-r--r--results/scraper/launchpad-without-comments/189276110
1 files changed, 10 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1892761 b/results/scraper/launchpad-without-comments/1892761
new file mode 100644
index 000000000..af99d943f
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/1892761
@@ -0,0 +1,10 @@
+Heap-use-after-free through double-fetch in ehci
+
+Hello,
+I don't have a qtest reproducer for this crash because it involves a DMA double-fetch, and I don't think we can reproduce those with qtest.
+
+Instead, I attached the pseudo-qtest trace produced by the fuzzer, along with some trace events.
+The lines annotated with [DMA] are write commands that were triggered by a callback from a DMA read by the device. The lines annotated with [DOUBLE-FETCH] are DMA accesses that hit the same address more than once (possible double-fetches).
+
+I am still thinking of nicer ways of presenting this trace and providing a reproducer.
+-Alex
\ No newline at end of file