qemu-e2k/hw
Thomas Huth 283f0a05e2 hw/net/net_tx_pkt: Fix crash detected by fuzzer
QEMU currently crashes when it's started like this:

cat << EOF | ./qemu-system-i386 -device vmxnet3 -nodefaults -qtest stdio
outl 0xcf8 0x80001014
outl 0xcfc 0xe0001000
outl 0xcf8 0x80001018
outl 0xcf8 0x80001004
outw 0xcfc 0x7
outl 0xcf8 0x80001083
write 0x0 0x1 0xe1
write 0x1 0x1 0xfe
write 0x2 0x1 0xbe
write 0x3 0x1 0xba
writeq 0xe0001020 0xefefff5ecafe0000
writeq 0xe0001020 0xffff5e5ccafe0002
EOF

It hits this assertion:

qemu-system-i386: ../qemu/hw/net/net_tx_pkt.c:453: net_tx_pkt_reset:
 Assertion `pkt->raw' failed.

This happens because net_tx_pkt_init() is called with max_frags == 0 and
thus the allocation

    p->raw = g_new(struct iovec, max_frags);

results in a NULL pointer that causes the

    assert(pkt->raw);

in net_tx_pkt_reset() to fail later. To fix this issue we can check
that max_raw_frags was not zero before asserting that pkt->raw is
a non-NULL pointer.

Buglink: https://bugs.launchpad.net/qemu/+bug/1890157
Message-Id: <20210715193219.1132571-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Pankaj Gupta <pankaj.gupta@ionos.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-07-19 09:33:39 +02:00
9pfs 9pfs: reduce latency of Twalk 2021-07-05 13:03:16 +02:00
acpi hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35 2021-07-16 04:34:22 -04:00
adc adc: Move the max111x driver to the adc directory 2021-06-17 07:10:32 -05:00
alpha hw/alpha: Provide a PCI-ISA bridge device node 2021-06-28 07:27:32 -07:00
arm hw/arm/virt-acpi-build: Add IORT support to bypass SMMUv3 2021-07-16 11:10:45 -04:00
audio hw/audio/sb16: Restrict I/O sampling rate range for command 41h/42h 2021-06-24 11:42:54 +02:00
avr hw/avr/atmega.c: use the avr51 cpu for atmega1280 2021-05-13 19:11:42 +02:00
block pc,pci,virtio: bugfixes, improvements 2021-07-09 14:30:01 +01:00
char char: ibex_uart: Update the register layout 2021-07-15 08:56:00 +10:00
core hw/pci/pcie: Do not set HPC flag if acpihp is used 2021-07-16 04:33:35 -04:00
cpu cpu/core: Fix "help" of CPU core device types 2021-04-09 16:05:16 -04:00
cris Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
display * More SVM fixes (Lara) 2021-07-11 22:20:51 +01:00
dma docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
gpio hw/gpio/pl061: Document a shortcoming in our implementation 2021-07-09 16:09:12 +01:00
hppa docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
hyperv vmbus: Don't make QOM property registration conditional 2021-07-06 18:04:38 -04:00
i2c hw/i2c: add support for PMBus 2021-07-08 14:15:45 -05:00
i386 hw/i386/acpi-build: Add IVRS support to bypass iommu 2021-07-16 11:10:45 -04:00
ide docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
input Some qemu updates for IPMI and I2C 2021-07-11 14:32:49 +01:00
intc s390x updates: 2021-07-12 19:15:11 +01:00
ipack Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ipmi ipmi/sim: fix watchdog_expired data type error in IPMIBmcSim struct 2021-07-08 14:15:01 -05:00
isa hw/block/fdc: Extract ISA floppy controllers to fdc-isa.c 2021-06-25 08:53:28 -04:00
m68k hw/m68k/q800: fix PROM checksum and MAC address storage 2021-07-02 17:35:08 +02:00
mem docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
microblaze Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
mips hw/mips/jazz: Map the UART devices unconditionally 2021-07-02 17:35:08 +02:00
misc Some qemu updates for IPMI and I2C 2021-07-11 14:32:49 +01:00
net hw/net/net_tx_pkt: Fix crash detected by fuzzer 2021-07-19 09:33:39 +02:00
nios2 Do not include cpu.h if it's not really necessary 2021-05-02 17:24:51 +02:00
nubus hw: Do not include hw/sysbus.h if it is not necessary 2021-05-02 17:24:50 +02:00
nvme hw/nvme: fix pin-based interrupt behavior (again) 2021-06-29 07:18:10 +02:00
nvram docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
openrisc Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
pci hw/pci: Add pci_bus_range() to get PCI bus number range 2021-07-16 11:10:45 -04:00
pci-bridge hw/pxb: Add a bypass iommu property 2021-07-16 11:10:45 -04:00
pci-host hw/i386: Add a default_bus_bypass_iommu pc machine option 2021-07-16 11:10:45 -04:00
pcmcia hw/pcmcia: Do not register PCMCIA type if not required 2021-05-02 17:24:50 +02:00
ppc ppc/pegasos2: Allow setprop in VOF 2021-07-13 10:04:30 +10:00
rdma pvrdma: Fix the ring init error flow (CVE-2021-3608) 2021-07-04 22:47:51 +03:00
remote multi-process: Initialize variables declared with g_auto* 2021-05-21 15:43:57 +01:00
riscv hw/riscv/boot: Check the error of fdt_pack() 2021-07-15 09:35:46 +10:00
rtc docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
rx hw/rx/rx-gdbsim: Do not accept invalid memory size 2021-05-03 10:07:41 +02:00
s390x s390x updates: 2021-07-12 19:15:11 +01:00
scsi virtio: Clarify MR transaction optimization 2021-07-02 11:13:39 -04:00
sd hw/sd/sdcard: Check for valid address range in SEND_WRITE_PROT (CMD30) 2021-07-12 12:27:38 +02:00
sensor hw/misc: add MAX34451 device 2021-07-08 14:42:00 -05:00
sh4 Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
smbios hw/smbios: support for type 41 (onboard devices extended information) 2021-05-14 10:26:18 -04:00
sparc hw/block/fdc: Extract SysBus floppy controllers to fdc-sysbus.c 2021-06-25 08:53:28 -04:00
sparc64 hw/block/fdc: Extract ISA floppy controllers to fdc-isa.c 2021-06-25 08:53:28 -04:00
ssi Trivial patches pull request 20210503 2021-05-05 13:52:00 +01:00
timer hw/timer: Initial commit of Ibex Timer 2021-06-24 05:00:12 -07:00
tpm docs: fix references to docs/specs/tpm.rst 2021-06-02 06:51:09 +02:00
tricore hw/tricore: Add testdevice for tests in tests/tcg/ 2021-05-18 09:36:21 +01:00
usb * More SVM fixes (Lara) 2021-07-11 22:20:51 +01:00
vfio vfio/pci: Add pba_offset PCI quirk for BAIDU KUNLUN AI processor 2021-07-14 13:47:17 -06:00
virtio vhost-vsock: SOCK_SEQPACKET feature bit support 2021-07-16 11:10:45 -04:00
watchdog docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
xen docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
xenpv meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
xtensa Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
Kconfig sensor: Move hardware sensors from misc to a sensor directory 2021-06-17 07:10:32 -05:00
meson.build sensor: Move hardware sensors from misc to a sensor directory 2021-06-17 07:10:32 -05:00