
[Qemu-devel] [Bug 1799200] Re: null pointer dereference in tcg_emit_op


From: Emilio G. Cota
Subject: [Qemu-devel] [Bug 1799200] Re: null pointer dereference in tcg_emit_op
Date: Tue, 23 Oct 2018 00:26:00 -0000

1. You're leaking the "ptr" TCG temp. Fix it, and also test your code with the 
--enable-debug-tcg configure flag.
2. Don't insert your helper in .insn_start; you'll have better luck in 
.translate_insn.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1799200

Title:
  null pointer dereference in tcg_emit_op

Status in QEMU:
  Invalid

Bug description:
  I inserted a custom TCG helper function in i386_tr_insn_start to
  trace the instructions.

  Most of the time QEMU ran OK, but executing some special software
  leads to a crash.

  Below is the inserted code:

=======================================================================================

static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu)
{
    DisasContext *dc = container_of(dcbase, DisasContext, base);
    TCGv_ptr ptr = tcg_const_ptr((void *)cpu); // inserted helper code
    gen_helper_mad_exec(ptr);                  // inserted helper code
    tcg_gen_insn_start(dc->base.pc_next, dc->cc_op);
}

======================================================================================

  Below is the call stack:

  #0  0x000055555581df5e in tcg_emit_op (address@hidden) at /root/qemu/tcg/tcg.c:2205
  #1  0x0000555555825911 in tcg_gen_op2 (address@hidden, a1=140734736923704, address@hidden) at /root/qemu/tcg/tcg-op.c:53
  #2  0x000055555581d713 in tcg_const_i64 (opc=INDEX_op_movi_i64, a2=792, a1=0x7378) at /root/qemu/tcg/tcg-op.h:109
  #3  0x000055555581d713 in tcg_const_i64 (arg=792, ret=<optimized out>) at /root/qemu/tcg/tcg-op.h:579
  #4  0x000055555581d713 in tcg_const_i64 (address@hidden) at /root/qemu/tcg/tcg.c:1314
  #5  0x000055555582732d in tcg_gen_addi_i64 (ret=0xd18, arg1=0x378, address@hidden) at /root/qemu/tcg/tcg-op.c:1200
  #6  0x000055555590ffaf in gen_sse (b=792, a=<optimized out>, r=<optimized out>) at /root/qemu/tcg/tcg-op.h:1258
  #7  0x000055555590ffaf in gen_sse (address@hidden, address@hidden, address@hidden, address@hidden, address@hidden) at /root/qemu/target/i386/translate.c:3150
  #8  0x0000555555911d7f in disas_insn (address@hidden, cpu=<optimized out>) at /root/qemu/target/i386/translate.c:8336
  #9  0x00005555559207a0 in i386_tr_translate_insn (dcbase=0x7fffea99a610, cpu=<optimized out>) at /root/qemu/target/i386/translate.c:8543
  #10 0x0000555555892649 in translator_loop (ops=0x55555622dee0 <i386_tr_ops>, db=0x7fffea99a610, cpu=0x55555673a220, tb=<optimized out>) at /root/qemu/accel/tcg/translator.c:110
  #11 0x00005555559209ef in gen_intermediate_code (address@hidden, address@hidden <code_gen_buffer+208150547>) at /root/qemu/target/i386/translate.c:8605
  #12 0x0000555555891437 in tb_gen_code (address@hidden, address@hidden, address@hidden, address@hidden, address@hidden) at /root/qemu/accel/tcg/translate-all.c:1728
  #13 0x000055555588f97b in cpu_exec (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0x0) at /root/qemu/accel/tcg/cpu-exec.c:410
  #14 0x000055555588f97b in cpu_exec (address@hidden) at /root/qemu/accel/tcg/cpu-exec.c:734
  #15 0x000055555584b152 in tcg_cpu_exec (cpu=0x55555673a220) at /root/qemu/cpus.c:1405
  #16 0x000055555584d1b8 in qemu_tcg_rr_cpu_thread_fn (arg=<optimized out>) at /root/qemu/cpus.c:1505
  #17 0x00007ffff2585e25 in start_thread () at /lib64/libpthread.so.0
  #18 0x00007ffff22afbad in clone () at /lib64/libc.so.6

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1799200/+subscriptions
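As an added illustration (not QEMU's code and not the reporter's), a small C model of TCG temporary accounting: the leaky per-instruction hook from the report exhausts a bounded temp pool partway through a block, while the version that frees its temp does not, and the block-end live count is the kind of check a --enable-debug-tcg build performs. The pool type, function names and capacity are assumptions made for this example.

```c
/* Added illustration, not QEMU code: a toy model of TCG temporaries showing
 * why a per-instruction hook that allocates a temp and never frees it breaks,
 * and how an end-of-block leak count catches it. Names and capacity are
 * assumptions for this example. */
#include <stdbool.h>

#define POOL_CAPACITY 8 /* constructed small limit; the real TCG pool is larger */

typedef struct {
    bool in_use[POOL_CAPACITY];
    int live; /* temps allocated but not yet freed */
} TempPool;

/* Stand-in for tcg_const_ptr(): returns a temp index, or -1 when exhausted. */
static int alloc_temp(TempPool *p) {
    for (int i = 0; i < POOL_CAPACITY; i++) {
        if (!p->in_use[i]) { p->in_use[i] = true; p->live++; return i; }
    }
    return -1;
}

/* Stand-in for tcg_temp_free_ptr(). */
static void free_temp(TempPool *p, int t) {
    if (t >= 0 && t < POOL_CAPACITY && p->in_use[t]) { p->in_use[t] = false; p->live--; }
}

/* The pattern from the bug report: allocate, emit the helper call, never free. */
static bool hook_leaky(TempPool *p) {
    int ptr = alloc_temp(p); /* gen_helper_mad_exec(ptr) would be emitted here */
    return ptr >= 0;         /* false once the pool is exhausted */
}

/* Fixed pattern: free the temp once the helper call has been emitted. */
static bool hook_fixed(TempPool *p) {
    int ptr = alloc_temp(p);
    if (ptr < 0) return false;
    free_temp(p, ptr);       /* the missing tcg_temp_free_ptr() */
    return true;
}

/* Run the hook once per instruction of a block. Returns the temps still live
 * at block end (what a debug leak check reports), or -1 if the pool ran out. */
static int translate_block(int n_insns, bool (*hook)(TempPool *)) {
    TempPool pool = {0};
    for (int i = 0; i < n_insns; i++) {
        if (!hook(&pool)) return -1;
    }
    return pool.live;
}
```

A non-zero return from translate_block is the leak a debug build flags; -1 is the exhaustion that in a real translator shows up as a crash somewhere unrelated to the hook, as in the call stack above.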
