From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1KNnt9-0008Uq-0k
	for qemu-devel@nongnu.org; Tue, 29 Jul 2008 08:01:11 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1KNnt5-0008S6-Ac
	for qemu-devel@nongnu.org; Tue, 29 Jul 2008 08:01:09 -0400
Received: from [199.232.76.173] (port=49525 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1KNnt4-0008Rx-Dm
	for qemu-devel@nongnu.org; Tue, 29 Jul 2008 08:01:06 -0400
Received: from borg.org ([64.105.205.123]:36494 helo=mail.borg.org)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
	(envelope-from <kentborg@borg.org>) id 1KNnt4-0001df-1E
	for qemu-devel@nongnu.org; Tue, 29 Jul 2008 08:01:06 -0400
Received: from mail.borg.org (localhost [127.0.0.1])
	by mail.borg.org (Postfix) with ESMTP id 41680209F98
	for <qemu-devel@nongnu.org>; Tue, 29 Jul 2008 08:01:03 -0400 (EDT)
Received: from [192.168.1.172] (unknown [192.168.1.172])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested) (Authenticated sender: kentborg)
	by mail.borg.org (Postfix) with ESMTP
	for <qemu-devel@nongnu.org>; Tue, 29 Jul 2008 08:01:03 -0400 (EDT)
Message-ID: <488F0675.50306@borg.org>
Date: Tue, 29 Jul 2008 08:00:53 -0400
From: Kent Borg <kentborg@borg.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] Bug: Dereferencing -1 Crashes Qemu
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Running qemu-0.9.1 with kqemu 1.3.0~pre11.  Lunix host, Linux guest.  If
I dereference a -1 the entire guest crashes.

-kb, the Kent who isn't subscribed.



$ make hello
cc     hello.c   -o hello
hello.c: In function =E2=80=98main=E2=80=99:
hello.c:8: warning: assignment makes pointer from integer without a cast
$ cat hello.c
#include <stdio.h>
#include <stdlib.h>

main()
{
  int *ptr;

  ptr =3D -1;

  printf("hello, world\n");
  printf("%d\n", *ptr);
}
$ ./hello
hello, world
EAX=3D00000292 EBX=3Dc552ee00 ECX=3D00000292 EDX=3D00000000
ESI=3Dc548c000 EDI=3D00000000 EBP=3Dc7b6cc0d ESP=3Dc5445f14
EIP=3Dc033005d EFL=3D00010286 [--S--P-] CPL=3D3 II=3D0 A20=3D1 SMM=3D0 HL=
T=3D0
ES =3D007b 00000000 ffffffff 00cff300
CS =3D0060 00000000 ffffffff 00cffb00
SS =3D0068 00000000 ffffffff 00cff300
DS =3D007b 00000000 ffffffff 00cff300
FS =3D0000 00000000 00000000 00000000
GS =3D0033 b7e136b0 ffffffff b7dff3e1
LDT=3D0000 00000000 00000000 00008000
TR =3D0080 c1107100 00002073 00008900
GDT=3D     c1104000 000000ff
IDT=3D     c0429000 000007ff
CR0=3D8005003b CR2=3Db7edb2d0 CR3=3D06dbb000 CR4=3D000006b0
Unsupported return value: 0xffffffff
root@rc-dom0:~#