We couldn’t reproduce the bug with the patch provided by our reproducer earlier, though we did not dig into the details of it. Meanwhile, we do also see the null pointer dereference crash with the current upstream (https://bugs.launchpad.net/qemu/+bug/1878259).

On May 13, 2020, at 10:53 AM, P J P <ppandit@redhat.com> wrote:

+-- On Wed, 13 May 2020, Alexander Bulekov wrote --+
| They are not necessary, but for me QEMU crashes before qtest ever tries to
| parse them. Is your QEMU built with ASAN?

Yes, it is
QEMU_CFLAGS -I/usr/include/pixman-1 -Werror -fsanitize=address
QEMU_LDFLAGS -Wl,--warn-common -fsanitize=address

Btw, Ren confirmed that he wasn't able to reproduce the issue with the
proposed patch.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D