blob: c72ad849422ccc14e505d7d3e2a967e7deca4fe7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
id = 1377
title = "x86 CVT* series instructions fault"
state = "closed"
created_at = "2022-12-16T08:22:41.339Z"
closed_at = "2023-10-02T09:21:23.485Z"
labels = ["accel: TCG", "target: i386", "workflow::Patch available"]
url = "https://gitlab.com/qemu-project/qemu/-/issues/1377"
host-os = "Windows 10 20H2"
host-arch = "x86"
qemu-version = "7.1.90 (v7.2.0-rc0)"
guest-os = "None"
guest-arch = "x86"
description = """For example, CVTSD2SS instruction converts SRC[63:0] double precision floating point to DEST[31:0] single precision floating point. Although the CVTSD2SS instruction uses only 8 bytes, if it overlaps page boundary, I think QEMU tries to access over the valid memory and crashes."""
reproduce = """1. Compile this code
```
void main() {
mmap(0x555555559000, 0x1000, flag, ~~, 0);
asm("cvtsd2ss xmm1, qword ptr [0x555555559ff8]");
}
```
2. Execute. QEMU crashes but CPU does not."""
additional = """This bug is discovered by research conducted by KAIST SoftSec."""
|