QEMU

SEGFAULT caused by modifying the CPSR register

Bug #607794 reported by LG on 2010-07-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QEMU	Fix Released	Undecided	Unassigned

Bug Description

IIf the CPSR register (qemu-system-arm) is set to an invalid mode, qemu will segfault, because it tries to access a NULL-Pointer "env" in translate.c:9286. Either way, qemu will abort in exec.c:1863.

Revision history for this message

LG (lauragwd) wrote on 2010-07-20:

Here is a part of the gdb backtrace:

#2 0x000000000051a2bb in bank_number (env=<value optimized out>
#4 0x000000000051a584 in cpsr_write ((env=0x110a9d0

If I build qemu with debug flags, the env value won't be optimized out, but will remain 0.

Revision history for this message

Peter Maydell (pmaydell) wrote on 2011-12-24:

The missing detail in this bug report is that you only get the segfault if the CPSR register is being changed via the gdb stub interface. This happens because we try to use cpu_single_env as the env to pass to cpu_abort(), and if you've got to bank_number() via the gdb stub then cpu_single_env is NULL. I'm going to submit some patches which (a) fix this and (b) change behaviour to ignore bogus mode setting attempts rather than aborting.

Revision history for this message

Peter Maydell (pmaydell) wrote on 2012-07-10:

The patches that fix this bug are in QEMU 1.1.

Changed in qemu:
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.