UndefinedBehaviorSanitizer crash around slirp::ip_reass()
Bug #1837094 reported by Philippe Mathieu-Daudé
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| QEMU | Fix Released | Undecided | Unassigned | |
Bug Description
tag: v4.1.0-rc1
./configure --enable-sanitizers --extra-cflags=-O1
==26130==ERROR: UndefinedBehavi
==26130==The signal is caused by a WRITE memory access.
==26130==Hint: address points to the zero page.
#0 0x0000561ad346d587 in ip_deq() at slirp/src/
#1 0x0000561ad346cffb in ip_reass() at slirp/src/
#2 0x0000561ad346cb6f in ip_input() at slirp/src/
I only had access to the last packet which isn't the culprit, I'm now seeing how to log the network traffic of the guest to provide more useful information.

Recent libslirp patch 126c04ac (explained in e0be8043) changed ip_reass(), so this bug might be fixed.
https://gitlab.freedesktop.org/slirp/libslirp/commit/126c04ac
https://gitlab.freedesktop.org/slirp/libslirp/commit/e0be8043
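The trace in the report stops in ip_deq(), the routine that unlinks a fragment from the reassembly queue, and the sanitizer hint "address points to the zero page" means the store went through a NULL (or near-NULL) link pointer. The C program below is an added illustration and is not code from this bug report or from libslirp: it models the circular fragment queue that ip_reass() maintains, with a sentinel head and an enqueue/dequeue pair. The field names ipf_next/ipf_prev are borrowed from slirp; the struct layout, the helpers frag_queue_init(), ip_enq(), ip_deq_checked(), frag_queue_len(), frag_queue_complete() and the demo scenario are constructed assumptions. ip_deq_unchecked() shows the shape of the failure (unlinking a node whose links were never set stores through NULL); ip_deq_checked() refuses such a node and poisons the links after unlinking so a double dequeue is also caught.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model of the circular fragment queue that ip_reass() walks.
 * ipf_next/ipf_prev are slirp's field names; layout, helpers and scenario
 * are constructed for this example and are not libslirp code. */
struct frag {
    struct frag *ipf_next;
    struct frag *ipf_prev;
    unsigned ipf_off;  /* byte offset of this fragment in the datagram */
    unsigned ipf_len;  /* payload bytes carried by this fragment */
};

/* Sentinel head: an empty queue points at itself in both directions. */
static void frag_queue_init(struct frag *head)
{
    head->ipf_next = head->ipf_prev = head;
    head->ipf_off = head->ipf_len = 0;
}

/* Unchecked unlink in the style of slirp's ip_deq(): on a node whose links were
 * never set, the first store goes through NULL (the zero-page WRITE above). */
static void ip_deq_unchecked(struct frag *p)
{
    p->ipf_prev->ipf_next = p->ipf_next;
    p->ipf_next->ipf_prev = p->ipf_prev;
}

/* Insert p immediately after prev (prev may be the head). */
static void ip_enq(struct frag *p, struct frag *prev)
{
    p->ipf_prev = prev;
    p->ipf_next = prev->ipf_next;
    prev->ipf_next->ipf_prev = p;
    prev->ipf_next = p;
}

/* Checked unlink: refuses a node whose neighbours are missing or do not point
 * back at it, then poisons its links so a second dequeue also fails. */
static bool ip_deq_checked(struct frag *p)
{
    if (!p->ipf_next || !p->ipf_prev ||
        p->ipf_next->ipf_prev != p || p->ipf_prev->ipf_next != p)
        return false;
    p->ipf_prev->ipf_next = p->ipf_next;
    p->ipf_next->ipf_prev = p->ipf_prev;
    p->ipf_next = p->ipf_prev = NULL;
    return true;
}

static int frag_queue_len(const struct frag *head)
{
    int n = 0;
    for (const struct frag *q = head->ipf_next; q != head; q = q->ipf_next)
        n++;
    return n;
}

/* True when the queued fragments cover [0, total) with no gap or overlap,
 * the condition under which reassembly can complete. */
static bool frag_queue_complete(const struct frag *head, unsigned total)
{
    unsigned next = 0;
    for (const struct frag *q = head->ipf_next; q != head; q = q->ipf_next) {
        if (q->ipf_off != next)
            return false;
        next += q->ipf_len;
    }
    return next == total;
}

/* Constructed scenario: three in-order fragments of a 24-byte datagram; the
 * middle one is dequeued, then a double dequeue and a never-linked node are
 * rejected. Returns the remaining count (2), or a negative failing step. */
static int demo(void)
{
    struct frag head;
    struct frag a = { NULL, NULL, 0, 8 };
    struct frag b = { NULL, NULL, 8, 8 };
    struct frag c = { NULL, NULL, 16, 8 };
    struct frag stray = { NULL, NULL, 0, 0 };  /* allocated, never linked */
    frag_queue_init(&head);
    ip_enq(&a, &head);
    ip_enq(&b, &a);
    ip_enq(&c, &b);
    if (frag_queue_len(&head) != 3)      return -1;
    if (!frag_queue_complete(&head, 24)) return -2;
    if (!ip_deq_checked(&b))             return -3;
    if (ip_deq_checked(&b))              return -4;  /* double dequeue */
    if (ip_deq_checked(&stray))          return -5;  /* never linked */
    if (frag_queue_complete(&head, 24))  return -6;  /* gap at [8,16) */
    return frag_queue_len(&head);
}

int main(void)
{
    (void)ip_deq_unchecked;  /* never called; kept visible for contrast */
    return demo() == 2 ? 0 : 1;
}
```

Building this with `-fsanitize=undefined,address` and deliberately calling ip_deq_unchecked() on the `stray` node reproduces the class of report shown in the description (a WRITE through a NULL link); the checked variant turns the same mistake into a `false` return that a caller can log instead of a crash.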