VirtualBox

Ticket #2617 (closed defect: fixed)

Opened 8 months ago

Last modified 7 months ago

int 1 in ring-3 in guest OS crashes VirtualBox on host -> fixed in SVN

Reported by: pdeboer Assigned to:
Priority: major Component: other
Version: VirtualBox 2.0.4 Keywords: DoS crash
Cc: Guest type: Windows
Host type: Linux

Description

Using the int 1 instruction \xf1 crashes virtual box.

Example code: int main () {

unsigned char buf = '\xf1'; void (*f)() = (void (*)(void))&buf; f();

}

Using the 'normal' way of calling an interrupt, '\xcd\x01' does not result in a crash.

Attachments

VBox.log (165.5 kB) - added by pdeboer on 2008-11-22 17:22:36.
vbcrash.exe (7.0 kB) - added by pdeboer on 2008-11-26 22:28:35.
PoC VirtualBox crash tool

Change History

2008-11-14 17:22:35 changed by sandervl73

Please attach your VBox.log.

(in reply to: ↑ description ) 2008-11-14 17:25:52 changed by pdeboer

Sorry, friday-afternoon brain lag..

VirtualBox itself does not crash, only the guest OS gets into a 'stuck' state and a VB pop-up gives the option to debug the guest OS or stop it.

2008-11-22 17:22:36 changed by pdeboer

  • attachment VBox.log added.

2008-11-25 13:11:31 changed by sandervl73

I can't reproduce this here. Could you try again with 2.0.6?

2008-11-26 22:28:35 changed by pdeboer

  • attachment vbcrash.exe added.

PoC VirtualBox crash tool

2008-11-26 22:32:55 changed by pdeboer

It still crashes 2.0.6. I've attached the Windows executable I'm using.

The problem only seems to exist when 'VT-x/AMD-V' is turned on for this VM. The host system has a Core2Duo (T8300) processor.

2008-11-27 10:44:56 changed by sandervl73

  • summary changed from int 1 in ring-3 in guest OS crashes VirtualBox on host to int 1 in ring-3 in guest OS crashes VirtualBox on host -> fixed in SVN.

The problem is no longer present in the current source tree. I was able to reproduce it with 2.0.6 too.

2008-12-17 13:56:50 changed by sandervl73

  • status changed from new to closed.
  • resolution set to fixed.

Fixed in 2.1.

© 2009 Sun Microsystems, Inc.
ContactPrivacy policy