On 12/5/25 16:20, Peter Maydell wrote:
> On Fri, 5 Dec 2025 at 16:11, Jim MacArthur <[email protected]> wrote:
>>
>> On 12/5/25 15:57, Philippe Mathieu-Daudé wrote:
>>> On 4/12/25 22:33, Alex Bennée wrote:
>>>> Jim MacArthur <[email protected]> writes:
>>>>
>>>>> If both frame and element count are 65535, which appears valid from my
>>>>> reading of the OMAP5912 documentation, then some of the calculations
>>>>> will overflow the 32-bit signed integer range and produce a negative
>>>>> min_elems value.
>>>>>
>>>>> Raised by #3204 (https://gitlab.com/qemu-project/qemu/-/issues/3204).
>>>>
>>>> nit:
>>>>
>>>> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/3204
>>> Format is:
>>>
>>> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3204
>>> Fixes: afbb5194d43 ("Handle on-chip DMA controllers in one place")
>>
>> I'm unclear on whether this actually resolves or fixes the issue, so I
>> just said 'Raised by'. The bug only includes a test case, not a text
>> description of the problem. The test case will give a different error if
>> this patch is applied, but still doesn't pass. I've mentioned this on
>> the bug page.
> Generally for this kind of fuzzer-generated bug report, the
> bug is "it is possible to make QEMU assert/crash/etc". They
> don't come with textual analysis of why exactly we ended up
> crashing, because the crash was auto-generated. So the
> "what actually happened here" is one of the things you have
> to figure out as part of fixing the bug.

By that criterion, this patch doesn't fix the bug as it will still throw a different address sanitizer error. The test case identified at least two problems, one of which is fixed by this patch (when I address your comments about u64/u32 math) and the other which I haven't figured out how to address yet. I can leave this without the Resolves: tag, or add an extra issue to Gitlab with the specific problem, or we can leave it until we have a patch for the other problems.

Jim
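
The overflow the commit message describes, shown as an added stand-alone example (written for this page, not QEMU's OMAP DMA code or Jim's patch). It assumes the element and frame counts are 16-bit register fields, so 65535 is the largest value each can hold; the names OMAP_COUNT_MAX, total_elems_narrow, total_elems_wide, clamp_to_int and min_elems_narrow/min_elems_wide are hypothetical stand-ins chosen for the demo, not identifiers from the QEMU source. The "narrow" path reproduces the negative min_elems; the "wide" path is the u64 arithmetic the thread talks about, plus a clamp so an int-typed consumer can never see a negative count.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the 16-bit element/frame count registers.
 * 0xFFFF is the largest value a 16-bit field can hold. */
#define OMAP_COUNT_MAX 0xFFFFu

/* Buggy form. In the real bug the product is formed in int, and
 * 65535 * 65535 = 4294836225 exceeds INT_MAX (2147483647), which is
 * undefined behaviour in C (and is flagged by -fsanitize=undefined).
 * To make the demo deterministic the product is formed in uint32_t,
 * where 0xFFFF * 0xFFFF = 0xFFFE0001 still fits, and then converted to
 * int; on two's-complement targets that yields -131071, i.e. the
 * "negative min_elems" from the bug report. */
static int total_elems_narrow(uint16_t elements, uint16_t frames)
{
    uint32_t product = (uint32_t)elements * frames;
    return (int)product;   /* implementation-defined: wraps negative */
}

/* Fixed form: widen before multiplying so every subsequent
 * calculation on the total stays in range. */
static uint64_t total_elems_wide(uint16_t elements, uint16_t frames)
{
    return (uint64_t)elements * frames;
}

/* Saturate a 64-bit count to int so code that still keeps an
 * int-typed min_elems can never observe a negative value. */
static int clamp_to_int(uint64_t n)
{
    return n > (uint64_t)INT_MAX ? INT_MAX : (int)n;
}

/* Sketch of the "smallest of several limits" pattern behind min_elems:
 * start at INT_MAX and take the minimum of each candidate. With the
 * narrow product, a negative candidate wins the comparison and the
 * function returns a negative transfer length. */
static int min_elems_narrow(uint16_t elements, uint16_t frames,
                            int other_limit)
{
    int min_elems = INT_MAX;
    int total = total_elems_narrow(elements, frames);
    if (total < min_elems) {
        min_elems = total;
    }
    if (other_limit < min_elems) {
        min_elems = other_limit;
    }
    return min_elems;
}

static int min_elems_wide(uint16_t elements, uint16_t frames,
                          int other_limit)
{
    int min_elems = INT_MAX;
    int total = clamp_to_int(total_elems_wide(elements, frames));
    if (total < min_elems) {
        min_elems = total;
    }
    if (other_limit < min_elems) {
        min_elems = other_limit;
    }
    return min_elems;
}

int main(void)
{
    /* Constructed worst case: both counts at the register maximum,
     * with an unrelated limit of 1000 elements. */
    printf("narrow min_elems: %d\n",
           min_elems_narrow(OMAP_COUNT_MAX, OMAP_COUNT_MAX, 1000));
    printf("wide   min_elems: %d\n",
           min_elems_wide(OMAP_COUNT_MAX, OMAP_COUNT_MAX, 1000));
    return 0;
}
```

The useful check when reviewing a fix of this shape is that every expression fed from the 16-bit count registers is widened before the multiply, not after; casting the already-overflowed int to a 64-bit type preserves the wrong value.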

