haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/hw/arm
History
Marc-André Lureau 2764040785 arm: avoid heap-buffer-overflow in load_aarch64_image 
Spotted by ASAN:

elmarco@boraha:~/src/qemu/build (master *%)$ QTEST_QEMU_BINARY=aarch64-softmmu/qemu-system-aarch64 tests/boot-serial-test
/aarch64/boot-serial/virt: ** (process:19740): DEBUG: 18:39:30.275: foo /tmp/qtest-boot-serial-cXaS94D
=================================================================
==19740==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000069648 at pc 0x7f1d2201cc54 bp 0x7fff331f6a40 sp 0x7fff331f61e8
READ of size 4 at 0x603000069648 thread T0
    #0 0x7f1d2201cc53  (/lib64/libasan.so.4+0xafc53)
    #1 0x55bc86685ee3 in load_aarch64_image /home/elmarco/src/qemu/hw/arm/boot.c:894
    #2 0x55bc86687217 in arm_load_kernel_notify /home/elmarco/src/qemu/hw/arm/boot.c:1047
    #3 0x55bc877363b5 in notifier_list_notify /home/elmarco/src/qemu/util/notify.c:40
    #4 0x55bc869331ea in qemu_run_machine_init_done_notifiers /home/elmarco/src/qemu/vl.c:2716
    #5 0x55bc8693bc39 in main /home/elmarco/src/qemu/vl.c:4679
    #6 0x7f1d1652c009 in __libc_start_main (/lib64/libc.so.6+0x21009)
    #7 0x55bc86255cc9 in _start (/home/elmarco/src/qemu/build/aarch64-softmmu/qemu-system-aarch64+0x1ae5cc9)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:44 +00:00
..
allwinner-a10.c hw/arm/allwinner-a10: Mark the allwinner-a10 device with user_creatable = false 2017-09-07 13:54:51 +01:00
armv7m.c armv7m: Forward init-svtor property to CPU object 2018-03-02 11:03:45 +00:00
aspeed.c hw/arm/aspeed: Unlock SCU when running kernel 2017-11-20 13:47:49 +00:00
aspeed_soc.c hw/arm/aspeed: simplify using the 'unimplemented device' for aspeed_soc.io 2018-02-15 18:29:36 +00:00
bcm2835_peripherals.c hw/arm/bcm2835_peripherals: change maximum block size to 1kB 2018-02-13 16:15:08 +01:00
bcm2836.c bcm2836: Make CPU type configurable 2018-02-15 18:33:46 +00:00
boot.c arm: avoid heap-buffer-overflow in load_aarch64_image 2018-03-09 17:09:44 +00:00
collie.c arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly 2017-09-19 09:09:32 -03:00
cubieboard.c hw/arm: Set ignore_memory_transaction_failures for most ARM boards 2017-09-07 13:54:54 +01:00
digic.c hw/arm/digic: Mark device with user_creatable = false 2017-09-04 17:13:53 +01:00
digic_boards.c hw/arm: Set ignore_memory_transaction_failures for most ARM boards 2017-09-07 13:54:54 +01:00
exynos4_boards.c hw: add .min_cpus and .default_cpus fields to machine_class 2017-11-13 13:55:27 +00:00
exynos4210.c hw/arm/exynos4210: add a comment about a very similar SDHCI (Spec. v2) 2018-02-13 16:15:08 +01:00
fsl-imx6.c hw/arm/fsl-imx6: implement SDHCI Spec. v3 2018-02-13 16:15:09 +01:00
fsl-imx7.c i.MX: Add i.MX7 SOC implementation. 2018-03-09 17:09:43 +00:00
fsl-imx25.c hw/arm: Mark the "fsl,imx25" device with user_creatable = false 2017-11-07 13:03:51 +00:00
fsl-imx31.c hw/arm: Mark the "fsl,imx31" device with user_creatable = false 2017-11-07 13:03:51 +00:00
gumstix.c hw/arm: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:26:42 +01:00
highbank.c highbank: validate register offset before access 2017-11-13 13:55:24 +00:00
imx25_pdk.c hw/arm: Set ignore_memory_transaction_failures for most ARM boards 2017-09-07 13:54:54 +01:00
integratorcp.c arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly 2017-09-19 09:09:32 -03:00
iotkit.c hw/arm/iotkit: Model Arm IOT Kit 2018-03-02 11:03:45 +00:00
kzm.c hw/arm: Set ignore_memory_transaction_failures for most ARM boards 2017-09-07 13:54:54 +01:00
mainstone.c hw/arm: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:26:42 +01:00
Makefile.objs hw/arm: Use more CONFIG switches for the object files 2018-03-09 17:09:44 +00:00
mcimx7d-sabre.c Implement support for i.MX7 Sabre board 2018-03-09 17:09:43 +00:00
mps2-tz.c mps2-an505: New board model: MPS2 with AN505 Cortex-M33 FPGA image 2018-03-02 11:03:45 +00:00
mps2.c arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly 2017-09-19 09:09:32 -03:00
msf2-soc.c msf2: Wire up SYSRESETREQ in SoC for system reset 2017-10-31 11:50:52 +00:00
msf2-som.c msf2: Add Emcraft's Smartfusion2 SOM kit 2017-09-21 16:36:56 +01:00
musicpal.c hw/arm: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:26:42 +01:00
netduino2.c arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly 2017-09-19 09:09:32 -03:00
nseries.c Replace all occurances of __FUNCTION__ with __func__ 2018-01-22 09:46:18 +01:00
omap1.c hw/arm: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:26:42 +01:00
omap2.c hw/arm: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:26:42 +01:00
omap_sx1.c hw/arm: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:26:42 +01:00
palm.c Replace all occurances of __FUNCTION__ with __func__ 2018-01-22 09:46:18 +01:00
pxa2xx.c hw/arm: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:26:42 +01:00
pxa2xx_gpio.c Replace all occurances of __FUNCTION__ with __func__ 2018-01-22 09:46:18 +01:00
pxa2xx_pic.c Replace all occurances of __FUNCTION__ with __func__ 2018-01-22 09:46:18 +01:00
raspi.c raspi: Add "raspi3" machine type 2018-02-22 15:12:51 +00:00
realview.c arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly 2017-09-19 09:09:32 -03:00
sabrelite.c hw/arm: Set ignore_memory_transaction_failures for most ARM boards 2017-09-07 13:54:54 +01:00
spitz.c hw/audio/wm8750: move WM8750 declarations from i2c/i2c.h to audio/wm8750.h 2018-02-02 08:19:25 +01:00
stellaris.c arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly 2017-09-19 09:09:32 -03:00
stm32f205_soc.c arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly 2017-09-19 09:09:32 -03:00
strongarm.c migration: pre_save return int 2017-09-27 11:35:59 +01:00
strongarm.h Move target-* CPU file into a target/ folder 2016-12-20 21:52:12 +01:00
sysbus-fdt.c sysbus: Remove ignored return value of FindSysbusDeviceFunc 2016-09-27 17:03:34 -03:00
tosa.c Replace all occurances of __FUNCTION__ with __func__ 2018-01-22 09:46:18 +01:00
trace-events docs: fix broken paths to docs/devel/tracing.txt 2017-07-31 13:12:53 +03:00
versatilepb.c arm: drop intermediate cpu_model -> cpu type parsing and use cpu type directly 2017-09-19 09:09:32 -03:00
vexpress.c arm/vexpress: Add proper display connector emulation 2018-03-01 11:13:36 +00:00
virt-acpi-build.c Virt: ACPI: fix qemu assert due to re-assigned table data address 2018-01-11 13:25:34 +00:00
virt.c hw/arm: Move virt's PSCI DT fixup code to arm/boot.c 2018-02-09 10:40:30 +00:00
xilinx_zynq.c hw/arm/xilinx_zynq: fix the capabilities register to match the datasheet 2018-02-13 16:15:08 +01:00
xlnx-zcu102.c xlnx-zcu102: Add support for the ZynqMP QSPI 2017-12-13 17:59:22 +00:00
xlnx-zynqmp.c hw/arm: Set the core count for Xilinx's ZynqMP 2018-03-09 17:09:43 +00:00
z2.c hw/arm: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:26:42 +01:00