I see this bug has been reported before, for instance here: http://www.mail-archive.com/qemu-devel@nongnu.org/msg29250.html and Laurent Desnogues noticed the problem while reviewing a patch in this area: http://www.mail-archive.com/qemu-devel@nongnu.org/msg22251.html
The only code which looks at ts->info->host_argv is the code to handle SYS_GET_CMDLINE in the ARM semihosting support code, arm-semi.c. My tentative suggestion is that we should instead make the semihosting support code read the argc/argv out of the userspace memory which loader_build_argptr has set up. (This is what linux-user/elfload.c does in fill_psinfo() as part of creating core dumps.)

--
ARM semihosting SYS_GET_CMDLINE does not return arguments
https://bugs.launchpad.net/bugs/673613
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.

Status in QEMU: New

Bug description:
I have downloaded version 0.13.0 of the code, configured with:

'./configure' '--prefix=/tmp/qemu-0.13.0' '--interp-prefix=/tmp/qemu-0.13.0/usr/local/gnemul/qemu-%M' '--target-list=arm-softmmu arm-linux-user armeb-linux-user'

and built using gcc version 4.3.2 (Debian 4.3.2-1.1). Execution environment is Debian, kernel 2.6.26-2-686.

I am running a barebone helloworld.c which echoes its command-line arguments, compiled with ADS1.2 from ARM. The arguments never get echoed back.

I have found the culprit in the source code: lines 3020 and 3022 of linux-user/main.c free target_argv[]. However, loader_exec(), which is called a couple of lines above, records the pointer to target_argv[]. So, when the data is accessed in arm-semi.c, it is actually trying to load from memory that has been free()d already.

This bug manifests itself for baremetal simulation, but I suspect it hits other platforms as well.