BinaryAnalysisPlatform / qemu

Official QEMU mirror

Segfaults in PPC64 tracewrap #22

Open Rot127 opened 2 years ago

Rot127 commented 2 years ago

Running the following command (cross-compiled rizin for PPC64 big endian) segfaults QEMU.

qemu-ppc64 build_cross_ppc64be/binrz/rz-test/rz-test test/db/rzil/ppc32

The Valgrind log has a ton of invalid reads of size 8:

==14790== Thread 3:
==14790== Invalid read of size 8
==14790==    at 0x26DDC4: qemu_trace_endframe (tracewrap.c:348)
==14790==    by 0x26D874: qemu_trace_newframe (tracewrap.c:253)
==14790==    by 0x258544: helper_trace_newframe (trace_helper.c:40)
==14790==    by 0x59AF119: ???
==14790==  Address 0xf8b21b8 is 56 bytes inside a block of size 80 free'd
==14790==    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14790==    by 0x26DE7C: qemu_trace_endframe (tracewrap.c:359)
==14790==    by 0x258573: helper_trace_endframe (trace_helper.c:45)
==14790==    by 0x59AF944: ???
==14790==    by 0x1102: ???
==14790==    by 0x5800657F: ??? (in /usr/lib/x86_64-linux-gnu/valgrind/memcheck-amd64-linux)
==14790==    by 0xF8B032F: ???
==14790==    by 0xF8B133F: ???
==14790==    by 0x1102: ???
==14790==    by 0x7800000000: ???
==14790==    by 0x1101: ???
==14790==    by 0x77537F: ???
==14790==  Block was alloc'd at
==14790==    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==14790==    by 0x48DDE98: g_malloc (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6400.6)
==14790==    by 0x26D8B2: qemu_trace_newframe (tracewrap.c:260)
==14790==    by 0x258544: helper_trace_newframe (trace_helper.c:40)
==14790==    by 0x59AF8C0: ???
==14790==    by 0x1102: ???
==14790==    by 0x5800657F: ??? (in /usr/lib/x86_64-linux-gnu/valgrind/memcheck-amd64-linux)
==14790==    by 0xF8B032F: ???
==14790==    by 0xF8B133F: ???
==14790==    by 0x1102: ???
==14790==    by 0x7800000000: ???
==14790==    by 0x1101: ???
==14790== 

...

@ivg Could you please assign me to this issue so I don't forget to fix it?
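The Valgrind report above has the shape of a dangling frame pointer: the 80-byte block is allocated in qemu_trace_newframe, freed in qemu_trace_endframe (line 359), and then read again 56 bytes in by qemu_trace_endframe (line 348). The following is an added illustration of that lifecycle, not the tracewrap.c code: the frame struct, the global pointer, the helper names and the field at offset 56 are all assumptions, shown with the buggy pattern beside a hardened version that cannot touch a freed frame.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical model of a trace frame (not QEMU's struct). The layout is
 * constructed so that sizeof == 80 and the 8-byte field read by endframe
 * sits at offset 56, matching the Valgrind report. */
typedef struct {
    unsigned char header[56];  /* constructed: fields before the read */
    unsigned long insn_count;  /* constructed: the 8-byte read at offset 56 */
    unsigned char tail[16];
} frame_t;
_Static_assert(sizeof(frame_t) == 80, "model must match the 80-byte block");

static frame_t *current_frame;   /* assumed module-global, as a tracer keeps */
static unsigned long total_insns;

/* Buggy pattern: the frame is freed but current_frame keeps pointing at it,
 * so the next endframe (or another vCPU thread) reads freed memory.
 * Never called from the checks below; it exists to show the shape only. */
void endframe_buggy(void) {
    total_insns += current_frame->insn_count;  /* read at offset 56 */
    free(current_frame);                       /* pointer now dangles */
}

/* newframe refuses to open a second frame while one is still live. */
int newframe(unsigned long insns) {
    if (current_frame != NULL)
        return -1;
    current_frame = calloc(1, sizeof *current_frame);
    if (current_frame == NULL)
        return -1;
    current_frame->insn_count = insns;  /* constructed payload */
    return 0;
}

/* Hardened endframe: check for a live frame, read it, free it, and clear
 * the pointer so a repeated endframe is a clean error instead of a UAF.
 * With several vCPU threads sharing the pointer a lock is also needed;
 * that is left out of this single-threaded model. */
int endframe(void) {
    if (current_frame == NULL)  /* end without begin, or double end */
        return -1;
    total_insns += current_frame->insn_count;
    free(current_frame);
    current_frame = NULL;
    return 0;
}

unsigned long total_insns_traced(void) { return total_insns; }
```

Building the real binary with `-fsanitize=address` reports the same free/read pair with both stack traces at the first bad access, which is faster than Valgrind for a qemu-user run.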

XVilka commented 1 year ago

Probably worth rechecking after the upgrade to 8.1 (will be released in a few months, with some changes necessary for our work, e.g. TriCore translation improvements and fixes) is done first: https://github.com/BinaryAnalysisPlatform/qemu/issues/23

Rot127 commented 1 year ago

I plan to fix it when I work on the Hexagon trace.