qemu-e2k/hw/ide
Philippe Mathieu-Daudé 1d1c4bdb73 hw/ide/ahci: Do not dma_memory_unmap(NULL)
libFuzzer triggered the following assertion:

  cat << EOF | qemu-system-i386 -M pc-q35-5.0 \
    -nographic -monitor none -serial none -qtest stdio
  outl 0xcf8 0x8000fa24
  outl 0xcfc 0xe1068000
  outl 0xcf8 0x8000fa04
  outw 0xcfc 0x7
  outl 0xcf8 0x8000fb20
  write 0xe1068304 0x1 0x21
  write 0xe1068318 0x1 0x21
  write 0xe1068384 0x1 0x21
  write 0xe1068398 0x2 0x21
  EOF
  qemu-system-i386: exec.c:3621: address_space_unmap: Assertion `mr != NULL' failed.
  Aborted (core dumped)

This is because we don't check the return value from dma_memory_map()
which can return NULL, then we call dma_memory_unmap(NULL) which is
illegal. Fix by only unmapping if the value is not NULL (and the size is
not the expected one).

Cc: qemu-stable@nongnu.org
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200718072854.7001-1-f4bug@amsat.org
Fixes: f6ad2e32f8 ("ahci: add ahci emulation")
BugLink: https://bugs.launchpad.net/qemu/+bug/1884693
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
2020-10-01 13:04:16 -04:00
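The commit describes the classic map-then-unmap defect: a map call that can fail is followed unconditionally by an unmap of whatever it returned, so a NULL from the mapper reaches an unmap routine that asserts on NULL. The following is an added example, not QEMU's ahci.c code: a toy model of that pattern with a hypothetical toy_dma_map()/toy_dma_unmap() pair in place of dma_memory_map()/dma_memory_unmap(), a small fixed RAM window, and a counter instead of the abort so the faulty and fixed variants can be compared. All names, the RAM window and the addresses used are constructed for this example.

```c
/*
 * Added example (not QEMU's code): a toy model of the map/unmap pattern
 * described in the commit message. toy_dma_map() stands in for
 * dma_memory_map() and returns NULL when nothing backs the guest address;
 * toy_dma_unmap() stands in for dma_memory_unmap(), which must never be
 * handed NULL. map_page_unchecked() is the faulty pattern, map_page_checked()
 * the fixed one. All names and addresses are hypothetical.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define RAM_BASE 0x1000u
#define RAM_SIZE 0x100u
static uint8_t toy_ram[RAM_SIZE];     /* the only guest memory the toy address space backs */

/* Counts unmap calls that received NULL; the real address_space_unmap() aborts instead. */
static int null_unmaps;

/* Map [addr, addr+*len) from the toy address space; clamp *len on partial overlap. */
static uint8_t *toy_dma_map(uint64_t addr, uint64_t *len)
{
    if (addr < RAM_BASE || addr >= RAM_BASE + RAM_SIZE) {
        *len = 0;
        return NULL;                  /* nothing backs this address */
    }
    uint64_t avail = RAM_BASE + RAM_SIZE - addr;
    if (*len > avail) {
        *len = avail;                 /* partial mapping: caller gets fewer bytes */
    }
    return toy_ram + (addr - RAM_BASE);
}

static void toy_dma_unmap(uint8_t *p, uint64_t len)
{
    (void)len;
    if (p == NULL) {
        null_unmaps++;                /* address_space_unmap() would assert here */
    }
}

/* Faulty: unmaps whatever map returned, NULL included, when the size is short. */
static bool map_page_unchecked(uint8_t **ptr, uint64_t addr, uint64_t wanted)
{
    uint64_t len = wanted;
    *ptr = toy_dma_map(addr, &len);
    if (len < wanted) {
        toy_dma_unmap(*ptr, len);     /* reached with *ptr == NULL on map failure */
        *ptr = NULL;
    }
    return *ptr != NULL;
}

/* Fixed: only unmap when map actually handed back a mapping. */
static bool map_page_checked(uint8_t **ptr, uint64_t addr, uint64_t wanted)
{
    uint64_t len = wanted;
    *ptr = toy_dma_map(addr, &len);
    if (*ptr != NULL && len < wanted) {
        toy_dma_unmap(*ptr, len);
        *ptr = NULL;
    }
    return *ptr != NULL;
}

/* Drive one variant at an address nothing backs and report how many
 * illegal unmap(NULL) calls it made. */
static int null_unmaps_for(bool (*fn)(uint8_t **, uint64_t, uint64_t))
{
    uint8_t *p = NULL;
    null_unmaps = 0;
    (void)fn(&p, 0xdead0000u, 0x100u); /* constructed address outside toy_ram */
    return null_unmaps;
}

int main(void)
{
    /* Faulty variant makes one unmap(NULL) call, fixed variant none. */
    return (null_unmaps_for(map_page_unchecked) == 1 &&
            null_unmaps_for(map_page_checked) == 0) ? 0 : 1;
}
```

The check in map_page_checked() is the whole fix: a mapper that can fail must be treated like any other fallible allocator, and the cleanup path must not assume it succeeded. The partial-overlap case (map succeeds but returns a shorter length) still releases the mapping, which is why the size test stays alongside the NULL test rather than replacing it.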
Kconfig hw/ide/ahci: Add a Kconfig switch for the AHCI-ICH9 device 2019-05-13 09:36:31 +02:00
ahci-allwinner.c ahci: Move QOM macro to header 2020-08-27 14:04:54 -04:00
ahci.c hw/ide/ahci: Do not dma_memory_unmap(NULL) 2020-10-01 13:04:16 -04:00
ahci_internal.h ahci: Move QOM macros to header 2020-08-27 14:04:54 -04:00
atapi.c hw/ide/atapi: Replace magic '512' value by BDRV_SECTOR_SIZE 2020-09-01 11:27:26 +02:00
cmd646.c cmd646-ide: use qdev gpio rather than qemu_allocate_irqs() 2020-03-27 14:30:08 -04:00
core.c hw/ide/core: Trivial typo fix 2020-09-01 11:27:26 +02:00
ich.c ahci: Rename ICH_AHCI to ICH9_AHCI 2020-09-09 13:20:22 -04:00
ioport.c Clean up inclusion of sysemu/sysemu.h 2019-08-16 13:31:53 +02:00
isa.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
macio.c hw/ide: Make IDEDMAOps handlers take a const IDEDMA pointer 2020-06-17 14:53:39 +02:00
meson.build meson: convert hw/ide 2020-08-21 06:30:30 -04:00
microdrive.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
mmio.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
pci.c hw/ide/pci: Replace magic '512' value by BDRV_SECTOR_SIZE 2020-09-01 11:27:26 +02:00
piix.c hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
qdev.c qom: Put name parameter before value / visitor parameter 2020-07-10 15:18:08 +02:00
sii3112.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
trace-events trace-events: Fix attribution of trace points to source 2019-03-22 16:18:07 +00:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
via.c via-ide: use qdev gpio rather than qemu_allocate_irqs() 2020-03-27 14:30:08 -04:00