Hi Alex,

On Tue, Feb 16, 2021 at 12:48 AM Alexander Bulekov <alx...@bu.edu> wrote:
>
> Hi Bin,
> Thank you for this. I ran through the OSS-Fuzz tests again, and it found
> one thing:

Thanks for testing. Are there instructions to run OSS-Fuzz tests myself?

> Maybe this is already much better than the current state of the code, so
> this one can be fixed in a later patch?

Depends on when Philippe can pick up this series, but I can also try to have a quick look :)

>
> cat << EOF | ./qemu-system-i386 -display none -machine accel=qtest \
> -m 512M -nodefaults -device sdhci-pci,sd-spec-version=3 \
> -device sd-card,drive=mydrive \
> -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive \
> -nographic -qtest stdio
> outl 0xcf8 0x80001010
> outl 0xcfc 0xe0000000
> outl 0xcf8 0x80001001
> outl 0xcfc 0x06000000
> write 0xe000002c 0x1 0x05
> write 0xe0000005 0x1 0x02
> write 0xe0000007 0x1 0x01
> write 0xe0000028 0x1 0x10
> write 0x0 0x1 0x23
> write 0x2 0x1 0x08
> write 0xe000000c 0x1 0x01
> write 0xe000000e 0x1 0x20
> write 0xe000000f 0x1 0x00
> write 0xe000000c 0x1 0x32
> write 0xe0000004 0x2 0x0200
> write 0xe0000028 0x1 0x00
> write 0xe0000003 0x1 0x40
> EOF
>
>
> ==1730971==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x615000031880 at pc 0x55d070f2c6d9 bp 0x7ffdcb63f130 sp 0x7ffdcb63f128
> READ of size 4 at 0x615000031880 thread T0
> #0 0x55d070f2c6d8 in ldl_he_p bswap.h:347:5
> #1 0x55d070f2c6d8 in ldn_he_p bswap.h:546:1
> #2 0x55d070f2c6d8 in flatview_write_continue build/../softmmu/physmem.c:2775:19
> #3 0x55d070f219eb in flatview_write build/../softmmu/physmem.c:2816:14
> #4 0x55d070f219eb in address_space_write build/../softmmu/physmem.c:2908:18
> #5 0x55d07040de4a in dma_memory_rw_relaxed include/sysemu/dma.h:88:12
> #6 0x55d07040de4a in dma_memory_rw include/sysemu/dma.h:127:12
> #7 0x55d07040de4a in dma_memory_write include/sysemu/dma.h:163:12
> #8 0x55d07040de4a in sdhci_sdma_transfer_multi_blocks build/../hw/sd/sdhci.c:619:13
> #9 0x55d07041d15b in sdhci_write build/../hw/sd/sdhci.c:1134:21
> #10 0x55d07123b1ac in memory_region_write_accessor build/../softmmu/memory.c:491:5
> #11 0x55d07123acab in access_with_adjusted_size build/../softmmu/memory.c:552:18
> #12 0x55d07123a4b0 in memory_region_dispatch_write build/../softmmu/memory.c
> #13 0x55d070f2c29b in flatview_write_continue build/../softmmu/physmem.c:2776:23
> #14 0x55d070f219eb in flatview_write build/../softmmu/physmem.c:2816:14
> #15 0x55d070f219eb in address_space_write build/../softmmu/physmem.c:2908:18

Regards,
Bin
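The ASan report above is a READ past a host-side fifo while an SDMA multi-block loop feeds dma_memory_write. As an added illustration (not QEMU's code, and not the patch under discussion), the following C model shows the two defensive checks a device model needs at that point: refuse a block-size register write while a transfer is in flight, and bound every fifo copy by the programmed block size and the fifo capacity. The struct, FIFO_CAP and all function names are assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#define FIFO_CAP 512u  /* hypothetical host-side fifo capacity */
/* Hypothetical model of the SDMA state, not QEMU's SDHCIState. */
typedef struct {
    uint8_t  fifo[FIFO_CAP];
    uint16_t blksize;     /* programmed block size */
    uint16_t blkcnt;      /* blocks still to transfer */
    unsigned data_count;  /* bytes of the current block already consumed */
    bool     in_transfer; /* data line active */
} dma_model;
/* Block-size register write: refused mid-transfer or if it cannot fit the fifo. */
bool set_blksize(dma_model *m, uint16_t v)
{
    if (m->in_transfer || v == 0 || v > FIFO_CAP) return false;
    if (v != m->blksize) m->data_count = 0;  /* new size restarts the cursor */
    m->blksize = v;
    return true;
}
/* One chunk of the read-direction loop: copy fifo[data_count .. +len) to the guest.
 * Returns bytes copied, or -1 if the source range would leave fifo[] (the
 * out-of-bounds read ASan reported under dma_memory_write). */
int sdma_chunk(dma_model *m, uint8_t *guest, size_t guest_len, unsigned len)
{
    unsigned begin = m->data_count;
    if (m->blkcnt == 0 || len == 0 || len > guest_len) return -1;
    if (m->blksize > FIFO_CAP || begin > m->blksize || len > m->blksize - begin)
        return -1;
    memcpy(guest, &m->fifo[begin], len);  /* source stays inside fifo[] */
    m->data_count += len;
    if (m->data_count == m->blksize) { m->data_count = 0; m->blkcnt--; }
    return (int)len;
}
/* Scenario shaped like the reproducer: one 0x200-byte block, a mid-transfer
 * attempt to reprogram the size, then drain. Returns bytes delivered. */
int run_scenario(void)
{
    dma_model m = {0};
    uint8_t guest[FIFO_CAP];
    if (!set_blksize(&m, 0x200)) return -1;
    m.blkcnt = 1; m.in_transfer = true;
    int a = sdma_chunk(&m, guest, sizeof guest, 0x100);
    if (set_blksize(&m, 0x08)) return -2;  /* must be refused mid-transfer */
    int b = sdma_chunk(&m, guest, sizeof guest, 0x100);
    int c = sdma_chunk(&m, guest, sizeof guest, 0x100);  /* no block left */
    return (a == 0x100 && b == 0x100 && c == -1) ? a + b : -3;
}
```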