UndefinedBehaviorSanitizer crash around slirp::ip_reass()
Bug #1837094 reported by Philippe Mathieu-Daudé
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
QEMU | Fix Released | Undecided | Unassigned | 
Bug Description
tag: v4.1.0-rc1
./configure --enable-sanitizers --extra-cflags=-O1
==26130==ERROR: UndefinedBehavi
==26130==The signal is caused by a WRITE memory access.
==26130==Hint: address points to the zero page.
#0 0x0000561ad346d587 in ip_deq() at slirp/src/
#1 0x0000561ad346cffb in ip_reass() at slirp/src/
#2 0x0000561ad346cb6f in ip_input() at slirp/src/
I only had access to the last packet which isn't the culprit, I'm now seeing how to log the network traffic of the guest to provide more useful information.
Recent libslirp patch 126c04ac (explained in e0be8043) changed ip_reass(), so this bug might be fixed.
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04ac
https://gitlab.freedesktop.org/slirp/libslirp/commit/e0be8043