[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for C
From: |
Philippe Mathieu-Daudé |
Subject: |
[PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for CVE-2021-20196 |
Date: |
Thu, 18 Nov 2021 13:06:35 +0100 |
From: Alexander Bulekov <alxndr@bu.edu>
Without the previous commit, when running 'make check-qtest-i386'
with QEMU configured with '--enable-sanitizers' we get:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==287878==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000344
==287878==The signal is caused by a WRITE memory access.
==287878==Hint: address points to the zero page.
#0 0x564b2e5bac27 in blk_inc_in_flight block/block-backend.c:1346:5
#1 0x564b2e5bb228 in blk_pwritev_part block/block-backend.c:1317:5
#2 0x564b2e5bcd57 in blk_pwrite block/block-backend.c:1498:11
#3 0x564b2ca1cdd3 in fdctrl_write_data hw/block/fdc.c:2221:17
#4 0x564b2ca1b2f7 in fdctrl_write hw/block/fdc.c:829:9
#5 0x564b2dc49503 in portio_write softmmu/ioport.c:201:9
Add the reproducer for CVE-2021-20196.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20210319050906.14875-2-alxndr@bu.edu>
[PMD: Rebased, use global test_image]
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
tests/qtest/fdc-test.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/tests/qtest/fdc-test.c b/tests/qtest/fdc-test.c
index f164d972d10..0f8b9b753f4 100644
--- a/tests/qtest/fdc-test.c
+++ b/tests/qtest/fdc-test.c
@@ -565,6 +565,26 @@ static void test_cve_2021_3507(void)
qtest_quit(s);
}
+static void test_cve_2021_20196(void)
+{
+ QTestState *s;
+
+ s = qtest_initf("-nographic -m 32M -nodefaults "
+ "-drive file=%s,format=raw,if=floppy", test_image);
+ qtest_outw(s, 0x3f2, 0x0004);
+ qtest_outw(s, 0x3f4, 0x0200);
+ qtest_outw(s, 0x3f4, 0x0000);
+ qtest_outw(s, 0x3f4, 0x0000);
+ qtest_outw(s, 0x3f4, 0x0000);
+ qtest_outw(s, 0x3f4, 0x0000);
+ qtest_outw(s, 0x3f4, 0x0000);
+ qtest_outw(s, 0x3f4, 0x0000);
+ qtest_outw(s, 0x3f4, 0x0000);
+ qtest_outw(s, 0x3f4, 0x0000);
+ qtest_outw(s, 0x3f2, 0x0001);
+ qtest_quit(s);
+}
+
int main(int argc, char **argv)
{
int fd;
@@ -596,6 +616,7 @@ int main(int argc, char **argv)
qtest_add_func("/fdc/read_no_dma_19", test_read_no_dma_19);
qtest_add_func("/fdc/fuzz-registers", fuzz_registers);
qtest_add_func("/fdc/fuzz/cve_2021_3507", test_cve_2021_3507);
+ qtest_add_func("/fdc/fuzz/cve_2021_20196", test_cve_2021_20196);
ret = g_test_run();
--
2.31.1
- [PATCH-for-6.2 v3 0/2] hw/block/fdc: Fix CVE-2021-20196, Philippe Mathieu-Daudé, 2021/11/18
- [PATCH-for-6.2 v3 1/2] hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196, Philippe Mathieu-Daudé, 2021/11/18
- [PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for CVE-2021-20196,
Philippe Mathieu-Daudé <=
- Re: [PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for CVE-2021-20196, Hanna Reitz, 2021/11/23
- Re: [PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for CVE-2021-20196, Philippe Mathieu-Daudé, 2021/11/23
- Re: [PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for CVE-2021-20196, Hanna Reitz, 2021/11/23
- Re: [PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for CVE-2021-20196, Philippe Mathieu-Daudé, 2021/11/24
- Re: [PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for CVE-2021-20196, Hanna Reitz, 2021/11/24
- Re: [PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for CVE-2021-20196, Philippe Mathieu-Daudé, 2021/11/24
- Re: [PATCH-for-6.2 v3 2/2] tests/qtest/fdc-test: Add a regression test for CVE-2021-20196, Alexander Bulekov, 2021/11/23
Re: [PATCH-for-6.2 v3 0/2] hw/block/fdc: Fix CVE-2021-20196, Philippe Mathieu-Daudé, 2021/11/22