qemu/hw
Marc-André Lureau 2764040785 arm: avoid heap-buffer-overflow in load_aarch64_image
Spotted by ASAN:

elmarco@boraha:~/src/qemu/build (master *%)$ QTEST_QEMU_BINARY=aarch64-softmmu/qemu-system-aarch64 tests/boot-serial-test
/aarch64/boot-serial/virt: ** (process:19740): DEBUG: 18:39:30.275: foo /tmp/qtest-boot-serial-cXaS94D
=================================================================
==19740==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000069648 at pc 0x7f1d2201cc54 bp 0x7fff331f6a40 sp 0x7fff331f61e8
READ of size 4 at 0x603000069648 thread T0
    #0 0x7f1d2201cc53  (/lib64/libasan.so.4+0xafc53)
    #1 0x55bc86685ee3 in load_aarch64_image /home/elmarco/src/qemu/hw/arm/boot.c:894
    #2 0x55bc86687217 in arm_load_kernel_notify /home/elmarco/src/qemu/hw/arm/boot.c:1047
    #3 0x55bc877363b5 in notifier_list_notify /home/elmarco/src/qemu/util/notify.c:40
    #4 0x55bc869331ea in qemu_run_machine_init_done_notifiers /home/elmarco/src/qemu/vl.c:2716
    #5 0x55bc8693bc39 in main /home/elmarco/src/qemu/vl.c:4679
    #6 0x7f1d1652c009 in __libc_start_main (/lib64/libc.so.6+0x21009)
    #7 0x55bc86255cc9 in _start (/home/elmarco/src/qemu/build/aarch64-softmmu/qemu-system-aarch64+0x1ae5cc9)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2018-03-09 17:09:44 +00:00
9pfs 9p: fix leak in synth_name_to_path() 2018-02-19 18:27:32 +01:00
acpi qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
adc Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
alpha
arm arm: avoid heap-buffer-overflow in load_aarch64_image 2018-03-09 17:09:44 +00:00
audio hw/audio/sb16.c: change dolog() to qemu_log_mask() 2018-02-02 08:19:47 +01:00
block Include less of the generated modular QAPI headers 2018-03-02 13:45:50 -06:00
bt
char s390x/sclp: clean up sclp masks 2018-03-08 15:49:23 +01:00
core Add symbol table callback interface to load_elf 2018-03-07 08:30:28 +13:00
cpu
cris
display g364fb: fix DirtyBitmapSnapshot leak 2018-03-06 14:00:58 +01:00
dma hw/dma: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:09 +01:00
gpio
hppa hw/hppa: Use qemu_log_mask instead of fprintf to stderr 2018-02-04 14:11:03 -08:00
i2c hw/i2c-ddc: Do not fail writes 2018-03-01 11:05:45 +00:00
i386 multiboot: fprintf(stderr...) -> error_report() 2018-03-07 11:53:37 +01:00
ide Revert "IDE: Do not flush empty CDROM drives" 2018-03-02 18:39:07 +01:00
input adb: add trace-events for monitoring keyboard/mouse during bus enumeration 2018-03-06 13:16:29 +11:00
intc openpic_kvm: drop address_space_to_flatview call 2018-03-06 14:01:27 +01:00
ipack
ipmi qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
isa lpc: drop pcie host dependency 2018-02-13 18:25:48 +02:00
lm32 hw/lm32: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:26 +01:00
m68k
mem Include less of the generated modular QAPI headers 2018-03-02 13:45:50 -06:00
microblaze
mips Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
misc misc: don't use hwaddr as a type in trace events 2018-03-06 14:24:30 +00:00
moxie hw/moxie: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:26 +01:00
net -----BEGIN PGP SIGNATURE----- 2018-03-05 14:27:24 +00:00
nios2 Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
nvram Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
openrisc hw/openrisc: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:26 +01:00
pci qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
pci-bridge virtio,vhost,pci,pc: features, fixes and cleanups 2018-02-13 16:33:31 +00:00
pci-host pci: Add support for Designware IP block 2018-03-09 17:09:43 +00:00
pcmcia
ppc PPC: e500: Fix duplicate kernel load and device tree overlap 2018-03-06 13:16:29 +11:00
rdma hw/rdma: Implementation of PVRDMA device 2018-02-19 13:03:24 +02:00
riscv RISC-V Build Infrastructure 2018-03-07 08:30:28 +13:00
s390x s390x/virtio: Convert virtio-ccw from *_exit to *_unrealize 2018-03-08 17:22:20 +01:00
scsi scsi: Remove automatic creation of SCSI controllers with -drive if=scsi 2018-03-06 14:00:59 +01:00
sd sdcard: simplify SD_SEND_OP_COND (ACMD41) 2018-02-22 15:12:54 +00:00
sh4
smbios Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
sparc hw/sparc/sun4m: Fix implicit creation of "-drive if=scsi" devices 2018-03-08 07:21:54 +00:00
sparc64 Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
ssi xilinx_spips: Use 8 dummy cycles with the QIOR/QIOR4 commands 2018-03-01 11:05:44 +00:00
timer qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
tpm Merge tpm 2018/03/07 2018-03-08 12:56:39 +00:00
tricore
unicore32
usb usb-mtp: Advertise SendObjectInfo for write support 2018-02-26 12:18:36 +01:00
vfio vfio-ccw: license text should indicate GPL v2 or later 2018-03-08 15:49:23 +01:00
virtio qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
watchdog qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
xen virtio,vhost,pci,pc: features, fixes and cleanups 2018-02-13 16:33:31 +00:00
xenpv hw/xen*: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:46 +01:00
xtensa Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
Makefile.objs hw/rdma: Add wrappers and macros 2018-02-19 13:03:24 +02:00