QEMU

Segfault in artist.c:block_move

Bug #1890310 reported by Alexander Bulekov on 2020-08-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	QEMU	Fix Released	Undecided	Helge Deller

Bug Description

Hello,
Reproducer:

cat << EOF | ./hppa-softmmu/qemu-system-hppa -m 64 -display none \
-qtest stdio -accel qtest
writeq 0xf8100802 0xff5c651ffffb7c5c
writeq 0xf8100afb 0x25e000000000000
EOF

AddressSanitizer:DEADLYSIGNAL
=================================================================
==12686==ERROR: AddressSanitizer: SEGV on unknown address 0x7f001a540000 (pc 0x55af3a373078 bp 0x7ffc23001a00 sp 0x7ffc23001670 T0)
==12686==The signal is caused by a READ memory access.
    #0 0x55af3a373078 in block_move /hw/display/artist.c:525:13
    #1 0x55af3a365fbc in artist_reg_write /hw/display/artist.c:964:9
    #2 0x55af39a577a3 in memory_region_write_accessor /softmmu/memory.c:483:5
    #3 0x55af39a56adc in access_with_adjusted_size /softmmu/memory.c:539:18
    #4 0x55af39a54873 in memory_region_dispatch_write /softmmu/memory.c:1466:16
    #5 0x55af39102056 in flatview_write_continue /exec.c:3176:23
    #6 0x55af390ea866 in flatview_write /exec.c:3216:14
    #7 0x55af390ea387 in address_space_write /exec.c:3308:18
    #8 0x55af39afe604 in qtest_process_command /softmmu/qtest.c:452:13
    #9 0x55af39af5c08 in qtest_process_inbuf /softmmu/qtest.c:710:9
    #10 0x55af39af4895 in qtest_read /softmmu/qtest.c:722:5
    #11 0x55af3bfb0c43 in qemu_chr_be_write_impl /chardev/char.c:188:9
    #12 0x55af3bfb0dc7 in qemu_chr_be_write /chardev/char.c:200:9
    #13 0x55af3bfc50b3 in fd_chr_read /chardev/char-fd.c:68:9
    #14 0x55af3c119474 in qio_channel_fd_source_dispatch /io/channel-watch.c:84:12
    #15 0x7f0028f60897 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e897)
    #16 0x55af3c51137b in glib_pollfds_poll /util/main-loop.c:217:9
    #17 0x55af3c50eaab in os_host_main_loop_wait /util/main-loop.c:240:5
    #18 0x55af3c50e444 in main_loop_wait /util/main-loop.c:516:11
    #19 0x55af39b16d00 in qemu_main_loop /softmmu/vl.c:1676:9
    #20 0x55af3c151261 in main /softmmu/main.c:49:5
    #21 0x7f0027ae6e0a in __libc_start_main /build/glibc-GwnBeO/glibc-2.30/csu/../csu/libc-start.c:308:16
    #22 0x55af38ff5729 in _start (/home/alxndr/Development/qemu/general-fuzz/build/hppa-softmmu/qemu-system-hppa+0x22d4729)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /hw/display/artist.c:525:13 in block_move
==12686==ABORTING

The error occurs even with Message-Id: <email address hidden> applied (I collected the above trace with the patch-set applied)

Thanks
-Alex

Helge Deller (hdeller) on 2020-08-04

Changed in qemu:
assignee:	nobody → Helge Deller (hdeller)

Revision history for this message

Philippe Mathieu-Daudé (philmd) wrote on 2020-10-22:

Fixed by commit a501bfc91763d4642390090dd4e6039d67b63702.

Changed in qemu:
status:	New → Fix Committed

Revision history for this message

Thomas Huth (th-huth) wrote on 2020-12-10:

Released with QEMU v5.2.0.

Changed in qemu:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.