VirtualBox

Opened 15 years ago

Closed 15 years ago

#2617 closed defect (fixed)

int 1 in ring-3 in guest OS crashes VirtualBox on host -> fixed in SVN

Reported by: Pieter de Boer
Owned by:
Component: other
Version: VirtualBox 2.0.4
Keywords: DoS crash
Cc:
Guest type: Windows
Host type: Linux

Description

Using the int 1 instruction \xf1 crashes VirtualBox.

Example code:

    int main ()
    {
        /* 0xf1 is the single-byte int 1 opcode */
        unsigned char buf = '\xf1';
        void (*f)() = (void (*)(void))&buf;
        f();
    }

Using the 'normal' way of calling an interrupt, '\xcd\x01' does not result in a crash.

Attachments (2)

VBox.log (165.5 KB) - added by Pieter de Boer 15 years ago.
vbcrash.exe (7.0 KB) - added by Pieter de Boer 15 years ago. PoC VirtualBox crash tool


Change History (8)

comment:1 by Sander van Leeuwen, 15 years ago

Please attach your VBox.log.

comment:2 by Pieter de Boer, 15 years ago (in reply to: description)

Sorry, Friday-afternoon brain lag..

VirtualBox itself does not crash, only the guest OS gets into a 'stuck' state and a VB pop-up gives the option to debug the guest OS or stop it.

by Pieter de Boer, 15 years ago

Attachment: VBox.log added

comment:3 by Sander van Leeuwen, 15 years ago

I can't reproduce this here. Could you try again with 2.0.6?

by Pieter de Boer, 15 years ago

Attachment: vbcrash.exe added

PoC VirtualBox crash tool

comment:4 by Pieter de Boer, 15 years ago

It still crashes 2.0.6. I've attached the Windows executable I'm using.

The problem only seems to exist when 'VT-x/AMD-V' is turned on for this VM. The host system has a Core2Duo (T8300) processor.

comment:5 by Sander van Leeuwen, 15 years ago

Summary: changed from "int 1 in ring-3 in guest OS crashes VirtualBox on host" to "int 1 in ring-3 in guest OS crashes VirtualBox on host -> fixed in SVN"

The problem is no longer present in the current source tree. I was able to reproduce it with 2.0.6 too.

comment:6 by Sander van Leeuwen, 15 years ago

Resolution: fixed
Status: changed from new to closed

Fixed in 2.1.
