Re: [RFC PATCH v2] hw/i386/vmport: Allow QTest use without crashing
From: Alexander Bulekov
Subject: Re: [RFC PATCH v2] hw/i386/vmport: Allow QTest use without crashing
Date: Sat, 23 May 2020 22:22:36 -0400
User-agent: NeoMutt/20180716
On 200518 1231, Philippe Mathieu-Daudé wrote:
> Trying libFuzzer on the vmport device, we get:
>
> AddressSanitizer:DEADLYSIGNAL
> =================================================================
> ==29476==ERROR: AddressSanitizer: SEGV on unknown address 0x000000008840
> (pc 0x56448bec4d79 bp 0x7ffeec9741b0 sp 0x7ffeec9740e0 T0)
> ==29476==The signal is caused by a READ memory access.
> #0 0x56448bec4d78 in vmport_ioport_read (qemu-fuzz-i386+0x1260d78)
> #1 0x56448bb5f175 in memory_region_read_accessor (qemu-fuzz-i386+0xefb175)
> #2 0x56448bb30c13 in access_with_adjusted_size (qemu-fuzz-i386+0xeccc13)
> #3 0x56448bb2ea27 in memory_region_dispatch_read1 (qemu-fuzz-i386+0xecaa27)
> #4 0x56448bb2e443 in memory_region_dispatch_read (qemu-fuzz-i386+0xeca443)
> #5 0x56448b961ab1 in flatview_read_continue (qemu-fuzz-i386+0xcfdab1)
> #6 0x56448b96336d in flatview_read (qemu-fuzz-i386+0xcff36d)
> #7 0x56448b962ec4 in address_space_read_full (qemu-fuzz-i386+0xcfeec4)
>
> X86CPU is NULL because QTest accelerator does not use CPU.
> Fix by returning default values when QTest accelerator is used.
>
Ah - it was QTest. Thank you for this - I would always run into this
crash within a second of fuzzing.
-Alex
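A stand-alone C model of the failure and the fix that the quoted commit message describes, added here as an example; it is not QEMU's vmport code and not the posted patch. The `ModelCPU` struct, the `current_cpu` and `qtest_enabled()` stand-ins, the helper functions and the all-ones default value are assumptions of the model, chosen only to show the two accelerator states side by side.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Stand-in for the guest-CPU register file that a vmport-style I/O read
 * handler consults. Constructed for this example only; QEMU's X86CPU and
 * CPUX86State are much larger, which is why the real crash reads from a
 * non-zero offset (0x8840) off the NULL pointer rather than from 0 itself.
 */
enum { R_EAX = 0, R_EBX, R_ECX, R_EDX, MODEL_NUM_REGS };

typedef struct {
    uint32_t regs[MODEL_NUM_REGS];
} ModelCPU;

/* Stand-in for QEMU's global `current_cpu`: under the qtest accelerator no
 * vCPU is executing, so it stays NULL (the condition the commit message
 * names). */
static ModelCPU *current_cpu = NULL;

/* Stand-in for QEMU's qtest_enabled(); a plain flag in this model. */
static bool qtest_mode = false;
static bool qtest_enabled(void) { return qtest_mode; }

/* Value handed back when there is no CPU to read registers from. The real
 * default is not on the page; all-ones is an assumption of this model. */
#define NO_CPU_DEFAULT UINT32_C(0xFFFFFFFF)

/* "Before": the handler trusts current_cpu unconditionally. Calling this while
 * current_cpu == NULL dereferences a NULL pointer, matching the
 * vmport_ioport_read frame at the top of the ASan report. Only call it once a
 * CPU is attached. */
static uint64_t ioport_read_unguarded(void)
{
    ModelCPU *cpu = current_cpu;
    return cpu->regs[R_EAX];
}

/* "After": do not touch CPU state when QTest is the accelerator (the fix the
 * commit message describes), and also when current_cpu is NULL for any other
 * reason, so the handler cannot crash the process from a guest-reachable I/O
 * port read. */
static uint64_t ioport_read_guarded(void)
{
    if (qtest_enabled() || current_cpu == NULL) {
        return NO_CPU_DEFAULT;
    }
    return current_cpu->regs[R_EAX];
}

/* Helpers so a caller can switch between the two accelerator states. */
static void model_enter_qtest(void)
{
    qtest_mode = true;
    current_cpu = NULL;           /* no vCPU under qtest */
}

static void model_attach_cpu(ModelCPU *cpu)
{
    qtest_mode = false;
    current_cpu = cpu;            /* a running vCPU, e.g. under TCG or KVM */
}

int main(void)
{
    ModelCPU cpu = { .regs = { 0x12345678u, 0, 0, 0 } };  /* constructed state */

    model_enter_qtest();
    printf("qtest: guarded read -> 0x%08llx\n",
           (unsigned long long)ioport_read_guarded());
    /* ioport_read_unguarded() here would SEGV, as in the fuzzer report. */

    model_attach_cpu(&cpu);
    printf("vcpu:  guarded read   -> 0x%08llx\n",
           (unsigned long long)ioport_read_guarded());
    printf("vcpu:  unguarded read -> 0x%08llx\n",
           (unsigned long long)ioport_read_unguarded());
    return 0;
}
```

The guard is deliberately on the accelerator (`qtest_enabled()`) rather than only on the pointer: a NULL check alone would paper over any future path that reaches the handler without a CPU, while the accelerator check documents the one case the report identifies. Keeping the NULL test as well costs nothing and turns any such future path into a wrong value instead of a crash.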