+Mauro & Alex

On 12/21/21 15:48, Michael S. Tsirkin wrote:
> When the bus is looked up on a PCI write, we didn't
> validate that the lookup succeeded.
> Fuzzers can thus trigger a QEMU crash by dereferencing the NULL
> bus pointer.
>
> Fixes: b32bd763a1 ("pci: introduce acpi-index property for PCI device")
> Cc: "Igor Mammedov" <imamm...@redhat.com>
> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/770
> Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
It seems this problem is important enough to get a CVE assigned. Mauro, please update us when you get the CVE number. Michael, please amend the CVE number before committing the fix.

FWIW Paolo asked for every fuzzed bug reproducer to be committed as a qtest, see tests/qtest/fuzz*c. Alex has a way to generate a reproducer in plain C.

Regards,

Phil.
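As an added example (not part of this thread and not QEMU's code), here is a constructed C model of the failure mode the commit message describes: a bus lookup keyed by bus number that returns NULL when nothing matches, a write handler that dereferences that result unchecked, and the guarded form next to it. The bus table, the config-space array and the names pci_find_bus_nr, pci_write_unchecked, pci_write_checked and pci_read_config are assumptions of this model, not QEMU identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not QEMU code: a flat table of buses keyed by bus number,
 * each with a small fake config space that writes land in. */
typedef struct {
    int bus_num;
    uint32_t config[64];
} PCIBusModel;

static PCIBusModel g_buses[2] = {
    { .bus_num = 0 },
    { .bus_num = 1 },
};

/* Lookup that can fail: returns NULL when no bus carries this number.
 * A guest (or a fuzzer) controls bus_num, so absent numbers are expected input. */
static PCIBusModel *pci_find_bus_nr(int bus_num)
{
    for (size_t i = 0; i < sizeof g_buses / sizeof g_buses[0]; i++) {
        if (g_buses[i].bus_num == bus_num) {
            return &g_buses[i];
        }
    }
    return NULL;
}

/* The shape of the bug: the lookup result is dereferenced without a check.
 * With an absent bus number this is a NULL dereference, so the model only
 * ever calls it with a bus that exists. */
static void pci_write_unchecked(int bus_num, unsigned reg, uint32_t val)
{
    PCIBusModel *bus = pci_find_bus_nr(bus_num);
    bus->config[reg & 63] = val;   /* crashes when bus == NULL */
}

/* Guarded form: a failed lookup is reported to the caller (returns 0) and the
 * write is dropped; a successful write returns 1. */
static int pci_write_checked(int bus_num, unsigned reg, uint32_t val)
{
    PCIBusModel *bus = pci_find_bus_nr(bus_num);
    if (!bus) {
        return 0;
    }
    bus->config[reg & 63] = val;
    return 1;
}

/* Reads use the PCI convention of returning all-ones for an absent target. */
static uint32_t pci_read_config(int bus_num, unsigned reg)
{
    PCIBusModel *bus = pci_find_bus_nr(bus_num);
    return bus ? bus->config[reg & 63] : 0xffffffffu;
}

int main(void)
{
    pci_write_unchecked(0, 0, 0x1);   /* safe only because bus 0 exists */
    printf("write to bus 1 (present): %d\n", pci_write_checked(1, 4, 0xdeadbeef));
    printf("write to bus 7 (absent):  %d\n", pci_write_checked(7, 4, 0xdeadbeef));
    printf("read back bus 1 reg 4:    0x%08x\n", pci_read_config(1, 4));
    return 0;
}
```

The point of the guarded form is that the absent-bus case is ordinary input on a guest-facing path, so it has to be handled as a normal return rather than trusted to never happen; a qtest that writes to a bus number the machine does not have is exactly the kind of reproducer the reply above asks for.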