DragonFly users List (threaded) for 2009-03

Re: Qemu 0.10.0 HOWTO


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 28 Mar 2009 19:26:55 -0700 (PDT)

    I found the memory corruption. gen_opc_ptr indexes into 
    gen_opc_buf[] which is 512 entries.  The pointer can extend
    past 512, destroying random data beyond the buf.

Hardware watchpoint 1: tcg_ctx.pool_current == (void *) 786439

Old value = 0
New value = 1
0x0814ef95 in gen_intermediate_code (env=0x34a8c000, tb=0x3341ba98)
    at /netboot1/qemu/qemu-0.10.1/tcg/tcg-op.h:62
62          *gen_opc_ptr++ = opc;
(gdb) print gen_opc_ptr
$1 = (uint16_t *) 0x83d28ce
(gdb) print gen_opc_buf
$2 = 0x83d24c0
(gdb) print gen_opc_ptr - gen_opc_buf
$3 = 519
(gdb) q

    If I change the declarations in translate-all.c I can work around
    the problem.  I do not know what is causing the buffer to get
    overrun.  This is just a quick hack.

    Hasso, could you add this to your official patch as a temporary
    workaround?  Then my qemu build target in /usr/src/test/amd64
    will produce a working qemu.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

--- translate-all.c.old	2009-03-28 19:24:50 -0700
+++ translate-all.c	2009-03-28 19:25:39 -0700
@@ -34,8 +34,8 @@
 /* code generation context */
 TCGContext tcg_ctx;
 
-uint16_t gen_opc_buf[OPC_BUF_SIZE];
-TCGArg gen_opparam_buf[OPPARAM_BUF_SIZE];
+uint16_t gen_opc_buf[OPC_BUF_SIZE + 512];
+TCGArg gen_opparam_buf[OPPARAM_BUF_SIZE + 512];
 
 target_ulong gen_opc_pc[OPC_BUF_SIZE];
 uint16_t gen_opc_icount[OPC_BUF_SIZE];
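Review bot: enlarging gen_opc_buf[] and gen_opparam_buf[] by 512 entries hides the overrun rather than bounding it; the report shows gen_opc_ptr reaching offset 519 in a buffer sized OPC_BUF_SIZE, and the same code path that produced 519 can produce a larger offset under a different guest block, so the check belongs at the emit site (`*gen_opc_ptr++ = opc;` in tcg-op.h:62) or in the translator's end-of-block test, for example refusing to emit once `gen_opc_ptr - gen_opc_buf >= OPC_BUF_SIZE`. Note also that the trailing context leaves `gen_opc_pc[OPC_BUF_SIZE]` and `gen_opc_icount[OPC_BUF_SIZE]` unchanged; if those arrays are written at the same offset as gen_opc_buf, index 519 still lands past their end after this patch. The message already calls this a temporary workaround; a comment above the declarations saying so, with the observed offset, would keep the padding from being mistaken for a fix.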



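The post describes an emitter that writes through a pointer into a 512-entry buffer with no bound, so the pointer walks past the end and corrupts whatever follows. The following C program is an added example, not code from qemu or from this thread: it models a context with an op buffer and a canary word placed right after it, replaces the unchecked `*ptr++ = opc` with a bounded emit, and reproduces the 519-emit scenario from the gdb session to show that the bounded form stores 512 ops, refuses 7, and leaves the trailing word intact. `OPC_BUF_SIZE`, `struct opc_ctx`, `emit_opc`, `translate_block` and the canary are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for the example: the 512-entry buffer from the report,
 * not qemu's own header definitions. */
#define OPC_BUF_SIZE 512
#define CANARY_VALUE 0xDEADBEEFu

/* A small stand-in for the code generation context. The canary word sits
 * immediately after the op buffer and plays the role of the "random data
 * beyond the buf" that an unchecked emitter would destroy. */
struct opc_ctx {
    uint16_t opc_buf[OPC_BUF_SIZE];
    uint32_t canary;
    uint16_t *opc_ptr;
    int rejected;   /* emits refused because the buffer was already full */
};

void opc_ctx_init(struct opc_ctx *c)
{
    memset(c->opc_buf, 0, sizeof c->opc_buf);
    c->canary = CANARY_VALUE;
    c->opc_ptr = c->opc_buf;
    c->rejected = 0;
}

/* Equivalent of "print gen_opc_ptr - gen_opc_buf" in the gdb session. */
ptrdiff_t opc_index(const struct opc_ctx *c)
{
    return c->opc_ptr - c->opc_buf;
}

/* Bounded emit: the checked form of "*gen_opc_ptr++ = opc;". Returns 0 on
 * success and -1 when the buffer is full, never touching memory past it. */
int emit_opc(struct opc_ctx *c, uint16_t opc)
{
    if (c->opc_ptr >= c->opc_buf + OPC_BUF_SIZE) {
        c->rejected++;
        return -1;
    }
    *c->opc_ptr++ = opc;
    return 0;
}

/* Emit n opcodes, as a translator might while generating one block.
 * Returns the number actually stored. */
int translate_block(struct opc_ctx *c, int n)
{
    int stored = 0;
    for (int i = 0; i < n; i++)
        if (emit_opc(c, (uint16_t)(i & 0xff)) == 0)
            stored++;
    return stored;
}

/* 1 if the word after the buffer is intact, 0 if something wrote over it. */
int canary_intact(const struct opc_ctx *c)
{
    return c->canary == CANARY_VALUE;
}

/* Run one attempt of n emits on a fresh context. Returns the stored count and
 * reports the rejected count and canary state through the out-parameters. */
int attempt(int n, int *rejected, int *intact)
{
    struct opc_ctx c;
    opc_ctx_init(&c);
    int stored = translate_block(&c, n);
    *rejected = c.rejected;
    *intact = canary_intact(&c);
    return stored;
}

int main(void)
{
    int rejected, intact;
    /* 519 is the offset the report's gdb session printed. */
    int stored = attempt(519, &rejected, &intact);
    printf("stored %d, rejected %d, canary %s\n",
           stored, rejected, intact ? "intact" : "clobbered");
    return 0;
}
```

The point of the canary is detection, not protection: a hardware watchpoint on the word after the buffer, as used in the post, or a check of a sentinel like this one at the end of each translated block, reports the overrun at the write that causes it, whereas padding the arrays only moves the corruption further out.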