qemu-e2k/tests/qtest
Philippe Mathieu-Daudé 46609b90d9 tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
Add the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/339

Without the previous commit, when running 'make check-qtest-i386'
with QEMU configured with '--enable-sanitizers' we get:

  ==4028352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000062a00 at pc 0x5626d03c491a bp 0x7ffdb4199410 sp 0x7ffdb4198bc0
  READ of size 786432 at 0x619000062a00 thread T0
      #0 0x5626d03c4919 in __asan_memcpy (qemu-system-i386+0x1e65919)
      #1 0x5626d1c023cc in flatview_write_continue softmmu/physmem.c:2787:13
      #2 0x5626d1bf0c0f in flatview_write softmmu/physmem.c:2822:14
      #3 0x5626d1bf0798 in address_space_write softmmu/physmem.c:2914:18
      #4 0x5626d1bf0f37 in address_space_rw softmmu/physmem.c:2924:16
      #5 0x5626d1bf14c8 in cpu_physical_memory_rw softmmu/physmem.c:2933:5
      #6 0x5626d0bd5649 in cpu_physical_memory_write include/exec/cpu-common.h:82:5
      #7 0x5626d0bd0a07 in i8257_dma_write_memory hw/dma/i8257.c:452:9
      #8 0x5626d09f825d in fdctrl_transfer_handler hw/block/fdc.c:1616:13
      #9 0x5626d0a048b4 in fdctrl_start_transfer hw/block/fdc.c:1539:13
      #10 0x5626d09f4c3e in fdctrl_write_data hw/block/fdc.c:2266:13
      #11 0x5626d09f22f7 in fdctrl_write hw/block/fdc.c:829:9
      #12 0x5626d1c20bc5 in portio_write softmmu/ioport.c:207:17

  0x619000062a00 is located 0 bytes to the right of 512-byte region [0x619000062800,0x619000062a00)
  allocated by thread T0 here:
      #0 0x5626d03c66ec in posix_memalign (qemu-system-i386+0x1e676ec)
      #1 0x5626d2b988d4 in qemu_try_memalign util/oslib-posix.c:210:11
      #2 0x5626d2b98b0c in qemu_memalign util/oslib-posix.c:226:27
      #3 0x5626d09fbaf0 in fdctrl_realize_common hw/block/fdc.c:2341:20
      #4 0x5626d0a150ed in isabus_fdc_realize hw/block/fdc-isa.c:113:5
      #5 0x5626d2367935 in device_set_realized hw/core/qdev.c:531:13

  SUMMARY: AddressSanitizer: heap-buffer-overflow (qemu-system-i386+0x1e65919) in __asan_memcpy
  Shadow bytes around the buggy address:
    0x0c32800044f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0c3280004500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0x0c3280004510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0x0c3280004520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0x0c3280004530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  =>0x0c3280004540:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0c3280004550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0c3280004560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0c3280004570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0c3280004580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
    0x0c3280004590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  Shadow byte legend (one shadow byte represents 8 application bytes):
    Addressable:           00
    Heap left redzone:       fa
    Freed heap region:       fd
  ==4028352==ABORTING

[ kwolf: Added snapshot=on to prevent write file lock failure ]

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2022-05-12 13:03:25 +02:00
fuzz Clean up header guards that don't match their file name 2022-05-11 16:49:06 +02:00
libqos libqtest: split QMP part in libqmp 2022-05-03 15:17:08 +04:00
ac97-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
acpi-utils.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
acpi-utils.h tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
adm1272-test.c tests/qtest: add tests for ADM1272 device model 2021-07-08 14:41:59 -05:00
ahci-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
am53c974-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
arm-cpu-features.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
aspeed_gpio-test.c hw/gpio/aspeed_gpio: Fix QOM pin property 2022-05-02 17:03:04 +02:00
aspeed_hace-test.c Misc cleanups 2022-05-03 09:13:17 -07:00
aspeed_smc-test.c tests/qtest: Rename m25p80 test in aspeed_smc test 2021-05-01 10:03:52 +02:00
bios-tables-test-allowed-diff.h tests/acpi: i386: update FACP table differences 2022-03-06 16:06:16 -05:00
bios-tables-test.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
boot-order-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
boot-sector.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
boot-sector.h tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
boot-serial-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
cdrom-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
cmsdk-apb-dualtimer-test.c tests: Add a simple test of the CMSDK APB dual timer 2021-01-29 15:54:42 +00:00
cmsdk-apb-timer-test.c tests: Add a simple test of the CMSDK APB timer 2021-01-29 15:54:42 +00:00
cmsdk-apb-watchdog-test.c tests/qtest/cmsdk-apb-watchdog-test: Test clock changes 2021-01-29 15:54:44 +00:00
cpu-plug-test.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
dbus-display-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
dbus-vmstate-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
device-introspect-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
device-plug-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
display-vga-test.c test: Move qtests to a separate directory 2020-01-12 11:42:41 +01:00
drive_del-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
ds1338-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
e1000-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
e1000e-test.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
eepro100-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
emc141x-test.c sensor: Move hardware sensors from misc to a sensor directory 2021-06-17 07:10:32 -05:00
endianness-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
erst-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
es1370-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
fdc-test.c tests/qtest/fdc-test: Add a regression test for CVE-2021-3507 2022-05-12 13:03:25 +02:00
fuzz-e1000e-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
fuzz-lsi53c895a-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
fuzz-megasas-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
fuzz-sb16-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
fuzz-sdcard-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
fuzz-virtio-scsi-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
fuzz-xlnx-dp-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
fw_cfg-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
hd-geo-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
hexloader-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
i440fx-test.c tests/x86: Use 'pc' machine type for old hardware tests 2022-02-21 10:13:23 +01:00
i82801b11-test.c test: Move qtests to a separate directory 2020-01-12 11:42:41 +01:00
ide-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
intel-hda-test.c tests/qtest/intel-hda-test: Add reproducer for issue #542 2022-03-21 10:25:21 +01:00
ioh3420-test.c test: Move qtests to a separate directory 2020-01-12 11:42:41 +01:00
ipmi-bt-test.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
ipmi-kcs-test.c tests: Avoid side effects inside g_assert() arguments 2021-05-14 12:28:01 +02:00
ipoctal232-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
isl_pmbus_vr-test.c hw/sensor: add Renesas raa228000 device 2022-03-08 18:46:48 +01:00
ivshmem-test.c tests: replace pipe() with g_unix_open_pipe(CLOEXEC) 2022-05-03 15:46:08 +04:00
libqmp.c libqtest: split QMP part in libqmp 2022-05-03 15:17:08 +04:00
libqmp.h Clean up ill-advised or unusual header guards 2022-05-11 16:50:01 +02:00
libqtest-single.h tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
libqtest.c libqtest: split QMP part in libqmp 2022-05-03 15:17:08 +04:00
libqtest.h libqtest: split QMP part in libqmp 2022-05-03 15:17:08 +04:00
lpc-ich9-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
lsm303dlhc-mag-test.c hw/sensor: Add lsm303dlhc magnetometer device 2022-02-08 10:56:29 +00:00
m48t59-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
machine-none-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
max34451-test.c tests/qtest: add tests for MAX34451 device model 2021-07-08 14:42:00 -05:00
megasas-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
meson.build meson: use have_vhost_* variables to pick sources 2022-05-07 07:46:58 +02:00
microbit-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
migration-helpers.c tests/migration: fix memleak in wait_command/wait_command_fd 2020-10-24 07:23:19 +02:00
migration-helpers.h Clean up ill-advised or unusual header guards 2022-05-11 16:50:01 +02:00
migration-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
modules-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
ne2000-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
npcm7xx_adc-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
npcm7xx_emc-test.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
npcm7xx_gpio-test.c hw/gpio: Add GPIO model for Nuvoton NPCM7xx 2020-10-27 11:10:32 +00:00
npcm7xx_pwm-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
npcm7xx_rng-test.c include: move C/util-related declarations to cutils.h 2022-04-06 14:31:43 +02:00
npcm7xx_sdhci-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
npcm7xx_smbus-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
npcm7xx_timer-test.c tests/qtest: variable defined by g_autofree need to be initialized 2020-11-20 13:34:22 +01:00
npcm7xx_watchdog_timer-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
numa-test.c qtest/numa-test: Correct CPU and NUMA association in aarch64_numa_cpu() 2022-05-09 11:47:55 +01:00
nvme-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
pca9552-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
pci-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
pcnet-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
pflash-cfi02-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
pnv-xscom-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
prom-env-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
pvpanic-pci-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
pvpanic-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
pxe-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
q35-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
qmp-cmd-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
qmp-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
qom-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
qos-test.c tests/qtest/qos-test: dump QEMU command if verbose 2021-02-16 17:15:39 +01:00
rtas-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
rtc-test.c tests/qtest/rtc-test: Remove pointless NULL check 2021-05-14 12:28:01 +02:00
rtl8139-test.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
sdhci-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
spapr-phb-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
sse-timer-test.c tests/qtest/sse-timer-test: Test counter scaling changes 2021-03-08 17:20:03 +00:00
tco-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
test-arm-mptimer.c test: Move qtests to a separate directory 2020-01-12 11:42:41 +01:00
test-filter-mirror.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
test-filter-redirector.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
test-hmp.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
test-netfilter.c tests/qtest: Make the filter tests independent from a specific NIC 2021-12-22 08:13:05 +01:00
test-x86-cpuid-compat.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
tmp105-test.c sensor: Move hardware sensors from misc to a sensor directory 2021-06-17 07:10:32 -05:00
tpm-crb-swtpm-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
tpm-crb-test.c tests: Add tpm_version field to TPMTestState and fill it 2021-08-31 17:33:11 -04:00
tpm-emu.c tests: Use QMP to check whether a TPM device model is available 2021-08-31 17:33:12 -04:00
tpm-emu.h tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
tpm-tests.c tests/qtest/tpm-tests: Remove unnecessary NULL checks 2021-06-03 16:43:27 +01:00
tpm-tests.h test: tpm: pass optional machine options to swtpm test functions 2020-03-05 12:18:33 -05:00
tpm-tis-device-swtpm-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
tpm-tis-device-test.c tests: Add tpm_version field to TPMTestState and fill it 2021-08-31 17:33:11 -04:00
tpm-tis-swtpm-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
tpm-tis-test.c tests: Add tpm_version field to TPMTestState and fill it 2021-08-31 17:33:11 -04:00
tpm-tis-util.c tests: Rename TestState to TPMTestState 2021-08-31 17:33:10 -04:00
tpm-tis-util.h test: tpm-tis: Get prepared to share tests between ISA and sysbus devices 2020-03-05 12:18:39 -05:00
tpm-util.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
tpm-util.h test: tpm-tis: Get prepared to share tests between ISA and sysbus devices 2020-03-05 12:18:39 -05:00
tulip-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
usb-hcd-ehci-test.c libqos: usb-hcd-ehci: use 32-bit write for config register 2020-06-26 06:45:29 -04:00
usb-hcd-ohci-test.c test: Move qtests to a separate directory 2020-01-12 11:42:41 +01:00
usb-hcd-uhci-test.c test: Move qtests to a separate directory 2020-01-12 11:42:41 +01:00
usb-hcd-xhci-test.c test: Move qtests to a separate directory 2020-01-12 11:42:41 +01:00
vhost-user-blk-test.c Replace config-time define HOST_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
vhost-user-test.c tests: replace qemu_set_nonblock() 2022-05-03 15:53:15 +04:00
virtio-9p-test.c 9pfs: Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
virtio-blk-test.c Replace config-time define HOST_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
virtio-ccw-test.c test: Move qtests to a separate directory 2020-01-12 11:42:41 +01:00
virtio-iommu-test.c tests/qtest/virtio-iommu-test: Check bypass config 2022-03-06 05:08:23 -05:00
virtio-net-failover.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
virtio-net-test.c Remove qemu-common.h include from most units 2022-04-06 14:31:55 +02:00
virtio-rng-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
virtio-scsi-test.c tests/qtest/virtio-scsi-test: add unmap large LBA with 4k blocks test 2021-06-04 13:47:08 +02:00
virtio-serial-test.c test: Move qtests to a separate directory 2020-01-12 11:42:41 +01:00
virtio-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
vmgenid-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
vmxnet3-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
wdt_ib700-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00
xlnx-can-test.c tests: move libqtest.h back under qtest/ 2022-05-03 15:16:51 +04:00