On Fri, 5 Dec 2025 at 16:11, Jim MacArthur <[email protected]> wrote:
>
>
> On 12/5/25 15:57, Philippe Mathieu-Daudé wrote:
> > On 4/12/25 22:33, Alex Bennée wrote:
> >> Jim MacArthur <[email protected]> writes:
> >>
> >>> If both frame and element count are 65535, which appears valid from my
> >>> reading of the OMAP5912 documentation, then some of the calculations
> >>> will overflow the 32-bit signed integer range and produce a negative
> >>> min_elems value.
> >>>
> >>> Raised by #3204 (https://gitlab.com/qemu-project/qemu/-/issues/3204).
> >>>
> >>
> >> nit:
> >>
> >> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/3204
> >
> > Format is:
> >
> > Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3204
> > Fixes: afbb5194d43 ("Handle on-chip DMA controllers in one place")
>
> I'm unclear on whether this actually resolves or fixes the issue, so I
> just said 'Raised by'. The bug only includes a test case, not a text
> description of the problem. The test case will give a different error if
> this patch is applied, but still doesn't pass. I've mentioned this on
> the bug page.
Generally for this kind of fuzzer-generated bug report, the bug is "it is
possible to make QEMU assert/crash/etc". They don't come with textual
analysis of why exactly we ended up crashing, because the crash was
auto-generated. So the "what actually happened here" is one of the things
you have to figure out as part of fixing the bug. If you're satisfied that
your fix deals with the problem, then you can mark it as "Resolves:" for
that bug. If it turns out that the fix accidentally failed to catch the
whole class of problems, then the people running fuzzers will let us know
by filing a fresh bug report at some future point.

thanks
-- PMM
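The overflow class described in Jim's commit message above (two 16-bit DMA counts, both at their maximum of 65535, multiplied in a 32-bit signed int and turning negative), shown as an added example. This is not QEMU's omap_dma code and the thread does not show the actual expression; the multiplication `frames * elems`, the function names and the int64 check are assumptions made here to illustrate the failure mode and one way a device model can reject it.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not QEMU's code. The two DMA descriptor counts are 16-bit
 * fields, so each can be programmed up to 65535 by the guest. A product of
 * two such values does not fit in a 32-bit signed int:
 *   65535 * 65535 = 4294836225 > INT32_MAX (2147483647)
 */
#define DMA_COUNT_MAX 65535u

/* What a naive "int min_elems = frames * elems" is observed to produce on a
 * two's complement machine. The signed multiply itself is undefined
 * behaviour in C, so the wrap is reproduced deterministically here with an
 * unsigned multiply followed by a cast (implementation-defined, modular on
 * GCC/Clang). 65535 * 65535 wraps to -131071. */
int32_t naive_product(uint16_t frames, uint16_t elems)
{
    uint32_t wrapped = (uint32_t)frames * (uint32_t)elems;
    return (int32_t)wrapped;
}

/* Hardened form: widen to 64 bits first and refuse any result that does not
 * fit the 32-bit signed field the rest of the model works with. Returns
 * false on overflow and leaves *out untouched, so a caller cannot silently
 * continue with a negative element count. */
bool checked_product(uint16_t frames, uint16_t elems, int32_t *out)
{
    int64_t wide = (int64_t)frames * (int64_t)elems;
    if (wide > INT32_MAX) {
        return false;
    }
    *out = (int32_t)wide;
    return true;
}

int main(void)
{
    int32_t v = 0;

    /* Constructed worst-case register values: both counts at DMA_COUNT_MAX. */
    printf("naive  65535*65535 = %d\n", naive_product(65535, 65535));

    if (!checked_product(65535, 65535, &v)) {
        printf("checked 65535*65535: overflow rejected\n");
    }
    if (checked_product(1024, 64, &v)) {
        printf("checked 1024*64 = %d\n", v);
    }
    return 0;
}
```

The point of the checked variant is that the overflow is detected before the value reaches any code that treats `min_elems` as a length or loop bound; the wrapped negative value from `naive_product` is exactly the kind of input a fuzzer reaches by writing all-ones into both count registers.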
