DragonFly users List (threaded) for 2009-03
Re: Qemu 0.10.0 HOWTO
I found the memory corruption. gen_opc_ptr indexes into
gen_opc_buf[] which is 512 entries. The pointer can extend
past 512, destroying random data beyond the buf.
Hardware watchpoint 1: tcg_ctx.pool_current == (void *) 786439
Old value = 0
New value = 1
0x0814ef95 in gen_intermediate_code (env=0x34a8c000, tb=0x3341ba98)
at /netboot1/qemu/qemu-0.10.1/tcg/tcg-op.h:62
62 *gen_opc_ptr++ = opc;
(gdb) print gen_opc_ptr
$1 = (uint16_t *) 0x83d28ce
(gdb) print gen_opc_buf
$2 = 0x83d24c0
(gdb) print gen_opc_ptr - gen_opc_buf
$3 = 519
(gdb) q
If I change the declarations in translate-all.c I can work around
the problem. I do not know what is causing the buffer to get
overrun. This is just a quick hack.
Hasso, could you add this to your official patch as a temporary
workaround? Then my qemu build target in /usr/src/test/amd64
will produce a working qemu.
-Matt
Matthew Dillon
<dillon@backplane.com>
--- translate-all.c.old 2009-03-28 19:24:50 -0700
+++ translate-all.c 2009-03-28 19:25:39 -0700
@@ -34,8 +34,8 @@
/* code generation context */
TCGContext tcg_ctx;
-uint16_t gen_opc_buf[OPC_BUF_SIZE];
-TCGArg gen_opparam_buf[OPPARAM_BUF_SIZE];
+uint16_t gen_opc_buf[OPC_BUF_SIZE + 512];
+TCGArg gen_opparam_buf[OPPARAM_BUF_SIZE + 512];
target_ulong gen_opc_pc[OPC_BUF_SIZE];
uint16_t gen_opc_icount[OPC_BUF_SIZE];
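Review bot: the +512 padding on gen_opc_buf and gen_opparam_buf in this hunk hides the overrun rather than bounding it. The gdb trace above shows gen_opc_ptr 519 entries past gen_opc_buf with no check at `*gen_opc_ptr++ = opc;` (tcg-op.h:62), so a translation block that needs more than OPC_BUF_SIZE + 512 entries would corrupt memory again, just later. The two unchanged context lines, `target_ulong gen_opc_pc[OPC_BUF_SIZE];` and `uint16_t gen_opc_icount[OPC_BUF_SIZE];`, keep the original size, so if the same op index is used into them they still run past their end under the padded buffers. Suggest an assert or bounds check of gen_opc_ptr against gen_opc_buf + OPC_BUF_SIZE at the emit site, so the unknown root cause the mail mentions surfaces as a failure instead of silent corruption, and a comment next to the +512 marking it as the temporary workaround the mail describes.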
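As an added illustration (not QEMU's code and not part of the patch above): a small C model of the 512-entry opcode buffer described in the mail, showing the unchecked emit that walks past the end and the bounds check that would have turned the overrun into a detectable failure instead of silent corruption of neighbouring data. The struct, field names, GUARD and CANARY values are constructed for this example; only OPC_BUF_SIZE and gen_opc_ptr echo names from the page.

```c
#include <stdint.h>
#include <string.h>
/* Constructed model, not QEMU code: OPC_BUF_SIZE mirrors the 512-entry
 * gen_opc_buf[]; the GUARD words after it stand in for data that follows the buffer. */
#define OPC_BUF_SIZE 512
#define GUARD 64
#define CANARY 0xA5A5u

struct opc_ctx {
    uint16_t backing[OPC_BUF_SIZE + GUARD]; /* [0,512) = buffer, rest = neighbours */
    uint16_t *gen_opc_ptr;                   /* same role as QEMU's gen_opc_ptr */
    int rejected;                            /* emits refused by the checked path */
};

static void opc_init(struct opc_ctx *c) {
    memset(c->backing, 0, sizeof c->backing);
    for (int i = OPC_BUF_SIZE; i < OPC_BUF_SIZE + GUARD; i++) c->backing[i] = CANARY;
    c->gen_opc_ptr = c->backing;
    c->rejected = 0;
}

/* Unchecked emit, the shape of tcg-op.h:62 in the gdb trace. */
static void emit_unchecked(struct opc_ctx *c, uint16_t opc) {
    *c->gen_opc_ptr++ = opc;
}

/* Checked emit: refuse once the pointer hits the end of the logical buffer. */
static int emit_checked(struct opc_ctx *c, uint16_t opc) {
    if (c->gen_opc_ptr - c->backing >= OPC_BUF_SIZE) { c->rejected++; return -1; }
    *c->gen_opc_ptr++ = opc;
    return 0;
}

/* Number of guard words that no longer hold the canary. */
static int guard_clobbered(const struct opc_ctx *c) {
    int n = 0;
    for (int i = OPC_BUF_SIZE; i < OPC_BUF_SIZE + GUARD; i++)
        if (c->backing[i] != CANARY) n++;
    return n;
}

/* Emit n ops through one path; returns how many neighbour words were hit. */
static int run(struct opc_ctx *c, int n, int checked) {
    opc_init(c);
    for (int i = 0; i < n; i++) {
        if (checked) emit_checked(c, (uint16_t)i);
        else emit_unchecked(c, (uint16_t)i);
    }
    return guard_clobbered(c);
}
```

Running 519 ops, the count from the gdb session, through the unchecked path hits 7 neighbour words; the checked path hits none and reports 7 refused emits.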