mirror of
https://github.com/qemu/qemu.git
synced 2024-11-30 07:13:38 +08:00
24ec2863b1
Running postcopy-test with ASAN produces the following error:
QTEST_QEMU_BINARY=ppc64-softmmu/qemu-system-ppc64 tests/postcopy-test
...
=================================================================
==23641==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f1556600000 at pc 0x55b8e9d28208 bp 0x7f1555f4d3c0 sp 0x7f1555f4d3b0
READ of size 8 at 0x7f1556600000 thread T6
#0 0x55b8e9d28207 in htab_save_first_pass /home/elmarco/src/qq/hw/ppc/spapr.c:1528
#1 0x55b8e9d2939c in htab_save_iterate /home/elmarco/src/qq/hw/ppc/spapr.c:1665
#2 0x55b8e9beae3a in qemu_savevm_state_iterate /home/elmarco/src/qq/migration/savevm.c:1044
#3 0x55b8ea677733 in migration_thread /home/elmarco/src/qq/migration/migration.c:1976
#4 0x7f15845f46c9 in start_thread (/lib64/libpthread.so.0+0x76c9)
#5 0x7f157d9d0f7e in clone (/lib64/libc.so.6+0x107f7e)
0x7f1556600000 is located 0 bytes to the right of 2097152-byte region [0x7f1556400000,0x7f1556600000)
allocated by thread T0 here:
#0 0x7f159bb76980 in posix_memalign (/lib64/libasan.so.3+0xc7980)
#1 0x55b8eab185b2 in qemu_try_memalign /home/elmarco/src/qq/util/oslib-posix.c:106
#2 0x55b8eab186c8 in qemu_memalign /home/elmarco/src/qq/util/oslib-posix.c:122
#3 0x55b8e9d268a8 in spapr_reallocate_hpt /home/elmarco/src/qq/hw/ppc/spapr.c:1214
#4 0x55b8e9d26e04 in ppc_spapr_reset /home/elmarco/src/qq/hw/ppc/spapr.c:1261
#5 0x55b8ea12e913 in qemu_system_reset /home/elmarco/src/qq/vl.c:1697
#6 0x55b8ea13fa40 in main /home/elmarco/src/qq/vl.c:4679
#7 0x7f157d8e9400 in __libc_start_main (/lib64/libc.so.6+0x20400)
Thread T6 created by T0 here:
#0 0x7f159bae0488 in __interceptor_pthread_create (/lib64/libasan.so.3+0x31488)
#1 0x55b8eab1d9cb in qemu_thread_create /home/elmarco/src/qq/util/qemu-thread-posix.c:465
#2 0x55b8ea67874c in migrate_fd_connect /home/elmarco/src/qq/migration/migration.c:2096
#3 0x55b8ea66cbb0 in migration_channel_connect /home/elmarco/src/qq/migration/migration.c:500
#4 0x55b8ea678f38 in socket_outgoing_migration /home/elmarco/src/qq/migration/socket.c:87
#5 0x55b8eaa5a03a in qio_task_complete /home/elmarco/src/qq/io/task.c:142
#6 0x55b8eaa599cc in gio_task_thread_result /home/elmarco/src/qq/io/task.c:88
#7 0x7f15823e38e6 (/lib64/libglib-2.0.so.0+0x468e6)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/elmarco/src/qq/hw/ppc/spapr.c:1528 in htab_save_first_pass
index seems to be wrongly incremented, unless I miss something that
would be worth a comment.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||
|---|---|---|
| .. | ||
| e500-ccsr.h | ||
| e500.c | ||
| e500.h | ||
| e500plat.c | ||
| fdt.c | ||
| mac_newworld.c | ||
| mac_oldworld.c | ||
| mac.h | ||
| Makefile.objs | ||
| mpc8544_guts.c | ||
| mpc8544ds.c | ||
| pnv_core.c | ||
| pnv_lpc.c | ||
| pnv_xscom.c | ||
| pnv.c | ||
| ppc4xx_devs.c | ||
| ppc4xx_pci.c | ||
| ppc405_boards.c | ||
| ppc405_uc.c | ||
| ppc405.h | ||
| ppc440_bamboo.c | ||
| ppc_booke.c | ||
| ppc.c | ||
| ppce500_spin.c | ||
| prep_systemio.c | ||
| prep.c | ||
| rs6000_mc.c | ||
| spapr_cpu_core.c | ||
| spapr_drc.c | ||
| spapr_events.c | ||
| spapr_hcall.c | ||
| spapr_iommu.c | ||
| spapr_ovec.c | ||
| spapr_pci_vfio.c | ||
| spapr_pci.c | ||
| spapr_rng.c | ||
| spapr_rtas_ddw.c | ||
| spapr_rtas.c | ||
| spapr_rtc.c | ||
| spapr_vio.c | ||
| spapr.c | ||
| trace-events | ||
| virtex_ml507.c | ||