summary refs log tree commit diff stats
path: root/results/scraper/launchpad-without-comments/1907497
diff options
context:
space:
mode:
Diffstat (limited to 'results/scraper/launchpad-without-comments/1907497')
-rw-r--r--results/scraper/launchpad-without-comments/190749758
1 files changed, 58 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1907497 b/results/scraper/launchpad-without-comments/1907497
new file mode 100644
index 000000000..ffac6fa8d
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/1907497
@@ -0,0 +1,58 @@
+[OSS-Fuzz] Issue 28435 qemu:qemu-fuzz-i386-target-generic-fuzz-intel-hda: Stack-overflow in ldl_le_dma
+
+ affects qemu
+
+=== Reproducer (build with --enable-sanitizers) ===
+
+cat << EOF | ./qemu-system-i386 -machine q35 -nodefaults \
+-device intel-hda,id=hda0 -device hda-output,bus=hda0.0 \
+-device hda-micro,bus=hda0.0 -device hda-duplex,bus=hda0.0 \
+-qtest stdio
+outl 0xcf8 0x80000804
+outw 0xcfc 0xffff
+write 0x0 0x1 0x12
+write 0x2 0x1 0x2f
+outl 0xcf8 0x80000811
+outl 0xcfc 0x5a6a4406
+write 0x6a44005a 0x1 0x11
+write 0x6a44005c 0x1 0x3f
+write 0x6a442050 0x4 0x0000446a
+write 0x6a44204a 0x1 0xf3
+write 0x6a44204c 0x1 0xff
+writeq 0x6a44005a 0x17b3f0011
+write 0x6a442050 0x4 0x0000446a
+write 0x6a44204a 0x1 0xf3
+write 0x6a44204c 0x1 0xff
+EOF
+
+=== Stack Trace ===
+==411958==ERROR: AddressSanitizer: stack-overflow on address 0x7ffcaeb8bc88 (pc 0x55c7c9dc1159 bp 0x7ffcaeb8c4d0 sp 0x7ffcaeb8bc90 T0)
+    #0 0x55c7c9dc1159 in __asan_memcpy (u-system-i386+0x2a13159)
+    #1 0x55c7cb2a457e in flatview_do_translate softmmu/physmem.c:513:12
+    #2 0x55c7cb2bdab0 in flatview_translate softmmu/physmem.c:563:15
+    #3 0x55c7cb2bdab0 in flatview_read softmmu/physmem.c:2861:10
+    #4 0x55c7cb2bdab0 in address_space_read_full softmmu/physmem.c:2875:18
+    #5 0x55c7caaec937 in dma_memory_rw_relaxed include/sysemu/dma.h:87:18
+    #6 0x55c7caaec937 in dma_memory_rw include/sysemu/dma.h:110:12
+    #7 0x55c7caaec937 in dma_memory_read include/sysemu/dma.h:116:12
+    #8 0x55c7caaec937 in ldl_le_dma include/sysemu/dma.h:179:1
+    #9 0x55c7caaec937 in ldl_le_pci_dma include/hw/pci/pci.h:816:1
+    #10 0x55c7caaec937 in intel_hda_corb_run hw/audio/intel-hda.c:338:16
+    #11 0x55c7cb2e7198 in memory_region_write_accessor softmmu/memory.c:491:5
+    #12 0x55c7cb2e6bd3 in access_with_adjusted_size softmmu/memory.c:552:18
+    #13 0x55c7cb2e646c in memory_region_dispatch_write softmmu/memory.c
+    #14 0x55c7cb2c8445 in flatview_write_continue softmmu/physmem.c:2759:23
+    #15 0x55c7cb2bdfb8 in flatview_write softmmu/physmem.c:2799:14
+    #16 0x55c7cb2bdfb8 in address_space_write softmmu/physmem.c:2891:18
+    #17 0x55c7caae2c54 in dma_memory_rw_relaxed include/sysemu/dma.h:87:18
+    #18 0x55c7caae2c54 in dma_memory_rw include/sysemu/dma.h:110:12
+    #19 0x55c7caae2c54 in dma_memory_write include/sysemu/dma.h:122:12
+    #20 0x55c7caae2c54 in stl_le_dma include/sysemu/dma.h:179:1
+    #21 0x55c7caae2c54 in stl_le_pci_dma include/hw/pci/pci.h:816:1
+    #22 0x55c7caae2c54 in intel_hda_response hw/audio/intel-hda.c:370:5
+    #23 0x55c7caaeca00 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
+    #24 0x55c7cb2e7198 in memory_region_write_accessor softmmu/memory.c:491:5
+...
+
+OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28435
+