[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1911075] Re: [OSS-Fuzz] ahci: stack overflow in ahci_cond_start_eng
From: |
Peter Maydell |
Subject: |
[Bug 1911075] Re: [OSS-Fuzz] ahci: stack overflow in ahci_cond_start_engines |
Date: |
Fri, 15 Jan 2021 16:08:09 -0000 |
** Tags added: fuzzer
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1911075
Title:
[OSS-Fuzz] ahci: stack overflow in ahci_cond_start_engines
Status in QEMU:
Confirmed
Bug description:
=== Reproducer ===
while true; do cat << EOF; done | ./qemu-system-i386 -machine q35 -nodefaults
-nographic -qtest stdio -accel qtest
outl 0xcf8 0x8000fa27
outl 0xcfc 0x37414537
outl 0xcf8 0x8000fa01
outl 0xcfc 0x4606ce74
writew 0x37000f01 0x215a
writeq 0x37000100 0xfffaf
writeq 0x37000115 0xffff373d27004037
outl 0xcf8 0x8000fa01
outl 0xcfc 0x4606ce74
writeq 0x370000ff 0x3700011500
writeq 0x37000115 0xc41ffffff035a5a
outl 0xcf8 0x8000ea04
outb 0xcfc 0x15
outl 0xcf8 0x8000ea00
outw 0xcfc 0x5a1f
writeq 0x37000115 0x100007765746972
writeq 0x37000115 0xbf00000000000000
outl 0xcf8 0x8000ea04
outb 0xcfc 0x15
outl 0xcf8 0x8000fa46
outb 0xcfc 0xff
clock_step
writeq 0x37000115 0xaf
writeq 0x37000115 0x6301275541af7415
writeq 0x37000115 0xafaf5a5a743715
outb 0x64 0xfe
EOF
=== Stack Trace ===
==887446==ERROR: UndefinedBehaviorSanitizer: stack-overflow on address
0x7ffe567cae0c (pc 0x7fdd9100819e bp 0x7ffe567cb2b0 sp 0x7ffe567cad40 T887446)
#0 vfprintf
#1 fprintf
#2 ahci_mem_write /src/qemu/hw/ide/ahci.c:468:9
#3 memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
#4 access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
#5 memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
#6 flatview_write_continue /src/qemu/softmmu/physmem.c:2759:23
#7 flatview_write /src/qemu/softmmu/physmem.c:2799:14
#8 address_space_write /src/qemu/softmmu/physmem.c:2891:18
#9 address_space_unmap /src/qemu/softmmu/physmem.c:3217:9
#10 dma_memory_unmap /src/qemu/include/sysemu/dma.h:226:5
#11 map_page /src/qemu/hw/ide/ahci.c:249:9
#12 ahci_map_clb_address /src/qemu/hw/ide/ahci.c:748:5
#13 ahci_cond_start_engines /src/qemu/hw/ide/ahci.c:276:14
#14 ahci_port_write /src/qemu/hw/ide/ahci.c:339:9
#15 ahci_mem_write /src/qemu/hw/ide/ahci.c:513:9
#16 memory_region_write_accessor /src/qemu/softmmu/memory.c:491:5
#17 access_with_adjusted_size /src/qemu/softmmu/memory.c:552:18
#18 memory_region_dispatch_write /src/qemu/softmmu/memory.c:0:13
#19 flatview_write_continue /src/qemu/softmmu/physmem.c:2759:23
#20 flatview_write /src/qemu/softmmu/physmem.c:2799:14
#21 address_space_write /src/qemu/softmmu/physmem.c:2891:18
#22 address_space_unmap /src/qemu/softmmu/physmem.c:3217:9
#23 dma_memory_unmap /src/qemu/include/sysemu/dma.h:226:5
#24 map_page /src/qemu/hw/ide/ahci.c:249:9
#25 ahci_map_clb_address /src/qemu/hw/ide/ahci.c:748:5
#26 ahci_cond_start_engines /src/qemu/hw/ide/ahci.c:276:14
#27 ahci_port_write /src/qemu/hw/ide/ahci.c:339:9
#28 ahci_mem_write /src/qemu/hw/ide/ahci.c:513:9
... Repeat until we run out of stack
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1911075/+subscriptions