This patchset strives to fix two bugs at xvzrle when --enable-avx512 is
used: an out-of-bounds write and an invalid argument to __builtin_ctz().
Those two errors can be seen in the test suite running:
$ ../configure --target-list=aarch64-softmmu --enable-sanitizers
--enable-avx512bw
$ make tests/unit/test-xbzrle && ./tests/unit/test-xbzrle
==5518==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62100000b100 at pc 0x561109a7714d bp 0x7ffed712a440 sp 0x7ffed712a430
WRITE of size 1 at 0x62100000b100 thread T0
#0 0x561109a7714c in uleb128_encode_small ../util/cutils.c:831
#1 0x561109b67f6a in xbzrle_encode_buffer_avx512 ../migration/xbzrle.c:275
#2 0x5611099a7428 in test_encode_decode_overflow
../tests/unit/test-xbzrle.c:153
#3 0x7fb2fb65a58d (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7a58d)
#4 0x7fb2fb65a333 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7a333)
#5 0x7fb2fb65aa79 in g_test_run_suite
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7aa79)
#6 0x7fb2fb65aa94 in g_test_run
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x7aa94)
#7 0x5611099a3a23 in main ../tests/unit/test-xbzrle.c:218
#8 0x7fb2fa78c082 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x24082)
#9 0x5611099a608d in _start (/qemu/build/tests/unit/test-xbzrle+0x28408d)
0x62100000b100 is located 0 bytes to the right of 4096-byte region
[0x62100000a100,0x62100000b100)
allocated by thread T0 here:
#0 0x7fb2fb823a06 in __interceptor_calloc
../../../../src/libsanitizer/asan/asan_malloc_linux.cc:153
#1 0x7fb2fb637ef0 in g_malloc0
(/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57ef0)
../migration/xbzrle.c:265: runtime error: passing zero to ctz(), which is not
a valid argument
v1:
https://lore.kernel.org/qemu-devel/cover.1678199971.git.quic_mathb...@quicinc.com/
(No changes since v1, only rebased on current master)
Matheus Tavares Bernardino (2):
migration/xbzrle: use ctz64 to avoid undefined result
migration/xbzrle: fix out-of-bounds write with axv512
migration/xbzrle.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--
2.39.1
