[Bug 1890333] Re: [OSS-Fuzz] Issue 26797: qemu:qemu-fuzz-i386-target-gen
From: Qiuhao Li
Subject: [Bug 1890333] Re: [OSS-Fuzz] Issue 26797: qemu:qemu-fuzz-i386-target-generic-fuzz-virtio-blk: ASSERT: addr < cache->len && 2 <= cache->len - addr
Date: Tue, 15 Dec 2020 13:43:52 -0000
Hi,
It seems while the minimized reproducer doesn't fail the assertion now,
the original reproducer provided by OSS-Fuzz[1] can still crash the
latest QEMU (1758428, Dec 12, built with --enable-sanitizers --enable-fuzzing).
Could anyone check if they trigger different bugs?
Tested on:
Ubuntu: 20.04.1 5.4.0-58-generic x86_64
clang: 10.0.0-4ubuntu1
glibc: 2.31-0ubuntu9.1
libglib2.0-dev: 2.64.3-1~ubuntu20.04.1
[1] https://bugs.launchpad.net/qemu/+bug/1890333/comments/1
--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1890333
Title:
[OSS-Fuzz] Issue 26797: qemu:qemu-fuzz-i386-target-generic-fuzz-virtio-blk: ASSERT: addr < cache->len && 2 <= cache->len - addr
Status in QEMU:
Fix Released
Bug description:
Hello,
Reproducer:
cat << EOF | ./i386-softmmu/qemu-system-i386 \
-drive id=mydrive,file=null-co://,size=2M,format=raw,if=none \
-device virtio-blk,drive=mydrive \
-nodefaults -qtest stdio -nographic
outl 0xcf8 0x80001001
outl 0xcfc 0x6574c1ff
outl 0xcf8 0x8000100e
outl 0xcfc 0xefe5e1e
outl 0xe86 0x3aff9090
outl 0xe84 0x3aff9090
outl 0xe8e 0xe
EOF
qemu-system-i386: /home/alxndr/Development/qemu/general-fuzz/include/exec/memory_ldst_cached.inc.h:88: void address_space_stw_le_cached(MemoryRegionCache *, hwaddr, uint32_t, MemTxAttrs, MemTxResult *): Assertion `addr < cache->len && 2 <= cache->len - addr' failed.
Aborted
I can trigger similar assertions with other VIRTIO devices, as well.
I reported this at some point in Message-ID:
<20200511033001.dzvtbdhl3oz5pgiy@mozz.bu.edu> but never created a Launchpad
issue...
-Alex
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1890333/+subscriptions
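The assertion quoted in the report, `addr < cache->len && 2 <= cache->len - addr`, is a bounds check written in an overflow-safe shape: it never computes `addr + size`, which could wrap when the offset comes from a guest. The following is an added example that is not QEMU's code and not part of the bug thread; `struct region_cache`, `hwaddr` as a `uint64_t` stand-in, and the helper names are assumptions. It contrasts the subtraction form with a naive `addr + size <= len` check and shows a guarded 16-bit store that reports failure instead of aborting.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: QEMU's hwaddr is a wide unsigned integer; uint64_t stands in for it here. */
typedef uint64_t hwaddr;

/* Constructed stand-in for a cached memory region; only the length is needed for the check. */
struct region_cache {
    size_t len;
};

/* Bounds check in the shape of the assertion from the report:
 * addr < len && size <= len - addr.
 * Because addr < len is tested first, len - addr cannot underflow, and
 * addr + size is never formed, so a huge addr cannot wrap past the check. */
bool cached_access_in_bounds(const struct region_cache *cache, hwaddr addr, size_t size)
{
    return addr < cache->len && size <= cache->len - addr;
}

/* Naive variant for comparison: addr + size is computed in unsigned
 * arithmetic and wraps, so an offset near UINT64_MAX passes the test. */
bool naive_in_bounds(const struct region_cache *cache, hwaddr addr, size_t size)
{
    return addr + size <= cache->len;
}

/* Guarded little-endian 16-bit store into a backing buffer of cache->len bytes.
 * Returns false and writes nothing when the access would fall outside the region,
 * rather than aborting the way the assertion does. */
bool stw_le_checked(uint8_t *buf, const struct region_cache *cache, hwaddr addr, uint16_t val)
{
    if (!cached_access_in_bounds(cache, addr, 2)) {
        return false;
    }
    buf[addr] = (uint8_t)(val & 0xff);
    buf[addr + 1] = (uint8_t)(val >> 8);
    return true;
}

int main(void)
{
    struct region_cache cache = { .len = 16 };
    uint8_t buf[16] = { 0 };
    hwaddr huge = UINT64_MAX - 1;

    printf("store at 14: %s\n", stw_le_checked(buf, &cache, 14, 0x1234) ? "ok" : "rejected");
    printf("store at 15: %s\n", stw_le_checked(buf, &cache, 15, 0x1234) ? "ok" : "rejected");
    printf("naive check, addr=UINT64_MAX-1: %s\n", naive_in_bounds(&cache, huge, 2) ? "passes (wrapped)" : "rejected");
    printf("safe check,  addr=UINT64_MAX-1: %s\n", cached_access_in_bounds(&cache, huge, 2) ? "passes" : "rejected");
    return 0;
}
```

The two-byte access at offset 15 of a 16-byte region is exactly the case the assertion in the report rejects: the first byte is inside the region but the second is not, so `2 <= 16 - 15` fails.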