From: Thomas Huth
Subject: Re: [Qemu-devel] out of bounds in set_cc_op() (was: [PULL 00/46] First batch of misc patches for QEMU 2.12)
Date: Thu, 21 Dec 2017 13:49:44 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
On 20.12.2017 22:56, Paolo Bonzini wrote:
> On 20/12/2017 20:20, Peter Maydell wrote:
>> On the x86/sanitizer build, new runtime errors:
>> GTESTER check-qtest-m68k
>> /home/petmay01/linaro/qemu-for-merges/target/m68k/translate.c:230:12:
>> runtime error: index -1 out of bounds for type 'const uint8_t [11]'
>>
>> ...and similar fails on one or two boards on most of the other
>> guest architectures.
>
> These are preexisting bugs, now exposed by the boot-serial-test.
> Thomas, can you identify the architectures that have a problem and
> notify the maintainers? In the meanwhile I'll keep the boot-serial-test
> enhancements queued locally, and remove them from the pull request.
Laurent, Richard,
looks like old_op is -1 when set_cc_op() is called here for the first
time. The problem can be reproduced by running the mini-kernel directly.
Just get http://people.redhat.com/~thuth/m68k-uart.bin and run QEMU like
this:
qemu-system-m68k -nographic -kernel ~/tmp/m68k-uart.bin -serial none
That kernel only contains these few instructions:
0x41, 0xf9, 0xfc, 0x06, 0x00, 0x00, /* lea 0xfc060000,%a0 */
0x10, 0x3c, 0x00, 0x54, /* move.b #'T',%d0 */
0x11, 0x7c, 0x00, 0x04, 0x00, 0x08, /* move.b #4,8(%a0) */
0x11, 0x40, 0x00, 0x0c, /* move.b %d0,12(%a0) */
0x60, 0xfa /* bra.s loop */
The problem occurs during the second instruction (i.e. the first move.b).
Do you have any ideas where this -1 in s->cc_op could come from?
Thomas
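A model of the failure mode described in this thread, added here as an example that is not QEMU's code: the names cc_op_live, set_cc_op and the sentinel -1 follow the report, while the table contents and the numbered modes are constructed for the demo. The point is that a sentinel meaning "flag state not yet known" must never reach the table lookup, so the transition out of it skips the liveness read instead of indexing at -1.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified model, not QEMU's code: 11 condition-code modes indexed 0..10,
 * plus a sentinel -1 meaning "flag state not yet known" (e.g. after reset). */
#define CC_OP_DYNAMIC (-1)
#define CC_OP_NB 11

typedef struct {
    int cc_op;      /* current mode, CC_OP_DYNAMIC right after reset */
    int dead_mask;  /* flag bits the last transition decided to discard */
} DisasCtx;

/* Flag bits each mode still needs; values are constructed for the demo. */
static const uint8_t cc_op_live[CC_OP_NB] = {
    0x1f, 0x1f, 0x0f, 0x0f, 0x03, 0x03, 0x07, 0x07, 0x01, 0x01, 0x1f
};

/* The check that must precede any use of a mode as a table index. */
static bool cc_op_index_ok(int op)
{
    return op >= 0 && op < CC_OP_NB;
}

/* Hardened transition: returns 0 on success, -1 for an invalid target.
 * Without the old_op guard, "cc_op_live[old_op]" with old_op == -1 is
 * exactly the index -1 read the sanitizer reported. */
static int set_cc_op(DisasCtx *s, int op)
{
    int old_op = s->cc_op;

    if (!cc_op_index_ok(op)) return -1;
    if (old_op == op) return 0;
    s->cc_op = op;
    if (!cc_op_index_ok(old_op)) {
        s->dead_mask = 0;   /* nothing known to discard after reset */
        return 0;
    }
    s->dead_mask = cc_op_live[old_op] & ~cc_op_live[op];
    return 0;
}

/* Replays the report's shape: reset state, then the first instruction that
 * touches the flags forces a transition out of the sentinel. */
static int first_transition_dead_mask(void)
{
    DisasCtx s = { CC_OP_DYNAMIC, 0xff };
    return set_cc_op(&s, 2) == 0 ? s.dead_mask : -1;   /* mode 2 is arbitrary */
}
```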