Spaces:
Runtime error
Runtime error
| {"sample_id": "82a41186941c419afde977f477f19c545b40c1c5_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,4 +1,4 @@\n+void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns, Error **errp)\n \n {\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "void aio_context_set_poll_params(AioContext *ctx, int64_t max_ns, Error **errp)\n\n{\n\n error_setg(errp, \"AioContext polling is not implemented on Windows\");\n\n}\n"}} | |
| {"sample_id": "3c2daac0b98952a858277878cb11294256b39e43", "diff": "--- a/source.c\n+++ b/source.c\n@@ -3,4 +3,4 @@\n {\n if (sector & dev->sector_mask) {\n if (size % dev->conf->logical_block_size) {\n+ return true;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static bool virtio_blk_sect_range_ok(VirtIOBlock *dev,\n uint64_t sector, size_t size)\n{\n if (sector & dev->sector_mask) {\n if (size % dev->conf->logical_block_size) {\n return true;"}} | |
| {"sample_id": "a392bf657015c9a79a5a13adfbfb15086c1943b9", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,7 +2,7 @@\n \n const uint8_t *src, int src_size)\n \n+{\n \n int h, w;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static int dxtory_decode_v1_420(AVCodecContext *avctx, AVFrame *pic,\n\n const uint8_t *src, int src_size)\n\n{\n\n int h, w;\n\n uint8_t *Y1, *Y2, *U, *V;\n\n int ret;\n\n\n\n if (src_size < avctx->width * avctx->height * 3 / 2) {\n\n av_log(avctx, AV_LOG_ERROR, \"packet too small\\n\");\n\n return AVERROR_INVALIDDATA;\n\n }\n\n\n\n avctx->pix_fmt = AV_PIX_FMT_YUV420P;\n\n if ((ret = ff_get_buffer(avctx, pic, 0)) < 0)\n\n return ret;\n\n\n\n Y1 = pic->data[0];\n\n Y2 = pic->data[0] + pic->linesize[0];\n\n U = pic->data[1];\n\n V = pic->data[2];\n\n for (h = 0; h < avctx->height; h += 2) {\n\n for (w = 0; w < avctx->width; w += 2) {\n\n AV_COPY16(Y1 + w, src);\n\n AV_COPY16(Y2 + w, src + 2);\n\n U[w >> 1] = src[4] + 0x80;\n\n V[w >> 1] = src[5] + 0x80;\n\n src += 6;\n\n }\n\n Y1 += pic->linesize[0] << 1;\n\n Y2 += pic->linesize[0] << 1;\n\n U += pic->linesize[1];\n\n V += pic->linesize[2];\n\n }\n\n\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "9fac18f03a9040b67ec38e14d3e1ed34db9c7e06", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n void qemu_anon_ram_free(void *ptr, size_t size)\n \n {\n+\n trace_qemu_anon_ram_free(ptr, size);\n \n if (ptr) {", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "void qemu_anon_ram_free(void *ptr, size_t size)\n\n{\n\n trace_qemu_anon_ram_free(ptr, size);\n\n if (ptr) {\n\n munmap(ptr, size);\n\n }\n\n}\n"}} | |
| {"sample_id": "2da0d70d5eebe42f9fcd27ee554419ebe2a5da06_16", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,9 +1,9 @@\n static inline void RENAME(uyvyToY)(uint8_t *dst, uint8_t *src, long width)\n+\n+{\n+\n+#ifdef HAVE_MMX\n+\n \tasm volatile(\n \n \t\t\"mov %0, %%\"REG_a\"\t\t\\n\\t\"", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static inline void RENAME(uyvyToY)(uint8_t *dst, uint8_t *src, long width)\n\n{\n\n#ifdef HAVE_MMX\n\n\tasm volatile(\n\n\t\t\"mov %0, %%\"REG_a\"\t\t\\n\\t\"\n\n\t\t\"1:\t\t\t\t\\n\\t\"\n\n\t\t\"movq (%1, %%\"REG_a\",2), %%mm0\t\\n\\t\"\n\n\t\t\"movq 8(%1, %%\"REG_a\",2), %%mm1\t\\n\\t\"\n\n\t\t\"psrlw $8, %%mm0\t\t\\n\\t\"\n\n\t\t\"psrlw $8, %%mm1\t\t\\n\\t\"\n\n\t\t\"packuswb %%mm1, %%mm0\t\t\\n\\t\"\n\n\t\t\"movq %%mm0, (%2, %%\"REG_a\")\t\\n\\t\"\n\n\t\t\"add $8, %%\"REG_a\"\t\t\\n\\t\"\n\n\t\t\" js 1b\t\t\t\t\\n\\t\"\n\n\t\t: : \"g\" (-width), \"r\" (src+width*2), \"r\" (dst+width)\n\n\t\t: \"%\"REG_a\n\n\t);\n\n#else\n\n\tint i;\n\n\tfor(i=0; i<width; i++)\n\n\t\tdst[i]= src[2*i+1];\n\n#endif\n\n}\n"}} | |
| {"sample_id": "49e5dcbce5f9e08ec375fd54c413148beb81f1d7_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,21 +1,21 @@\n static int ff_h261_resync(H261Context *h){\n \n MpegEncContext * const s = &h->s;\n+\n int left, ret;\n \n \n+\n+ if(show_bits(&s->gb, 15)==0){\n+\n+ ret= h261_decode_gob_header(h);\n \n+ if(ret>=0)\n \n return 0;\n+\n }\n+\n //ok, its not where its supposed to be ...\n \n s->gb= s->last_resync_gb;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "static int ff_h261_resync(H261Context *h){\n\n MpegEncContext * const s = &h->s;\n\n int left, ret;\n\n\n\n if(show_bits(&s->gb, 15)==0){\n\n ret= h261_decode_gob_header(h);\n\n if(ret>=0)\n\n return 0;\n\n }\n\n //ok, its not where its supposed to be ...\n\n s->gb= s->last_resync_gb;\n\n align_get_bits(&s->gb);\n\n left= s->gb.size_in_bits - get_bits_count(&s->gb);\n\n\n\n for(;left>15+1+4+5; left-=8){\n\n if(show_bits(&s->gb, 15)==0){\n\n GetBitContext bak= s->gb;\n\n\n\n ret= h261_decode_gob_header(h);\n\n if(ret>=0)\n\n return 0;\n\n\n\n s->gb= bak;\n\n }\n\n skip_bits(&s->gb, 8);\n\n }\n\n\n\n return -1;\n\n}\n"}} | |
| {"sample_id": "91bea4e2bb1a5f7954a3b3a4f2e28e96bd25c458", "diff": "--- a/source.c\n+++ b/source.c\n@@ -7,10 +7,10 @@\n IscsiAIOCB *acb;\n acb = qemu_aio_get(&iscsi_aiocb_info, bs, cb, opaque);\n trace_iscsi_aio_writev(iscsilun->iscsi, sector_num, nb_sectors, opaque, acb);\n+ acb->iscsilun = iscsilun;\n+ acb->qiov = qiov;\n+ acb->nb_sectors = nb_sectors;\n+ acb->sector_num = sector_num;\n acb->retries = ISCSI_CMD_RETRIES;\n if (iscsi_aio_writev_acb(acb) != 0) {\n qemu_aio_release(acb);", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "iscsi_aio_writev(BlockDriverState *bs, int64_t sector_num,\n QEMUIOVector *qiov, int nb_sectors,\n BlockDriverCompletionFunc *cb,\n void *opaque)\n{\n IscsiLun *iscsilun = bs->opaque;\n IscsiAIOCB *acb;\n acb = qemu_aio_get(&iscsi_aiocb_info, bs, cb, opaque);\n trace_iscsi_aio_writev(iscsilun->iscsi, sector_num, nb_sectors, opaque, acb);\n acb->iscsilun = iscsilun;\n acb->qiov = qiov;\n acb->nb_sectors = nb_sectors;\n acb->sector_num = sector_num;\n acb->retries = ISCSI_CMD_RETRIES;\n if (iscsi_aio_writev_acb(acb) != 0) {\n qemu_aio_release(acb);\n iscsi_set_events(iscsilun);\n return &acb->common;"}} | |
| {"sample_id": "e0dadc1e9ef1f35208e5d2af9c7740c18a0b769f_8", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,8 +2,8 @@\n \n {\n \n+ assert(!aux_slave->mmio);\n+\n aux_slave->mmio = mmio;\n \n }", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "void aux_init_mmio(AUXSlave *aux_slave, MemoryRegion *mmio)\n\n{\n\n assert(!aux_slave->mmio);\n\n aux_slave->mmio = mmio;\n\n}\n"}} | |
| {"sample_id": "ea375f9ab8c76686dca0af8cb4f87a4eb569cad3_3", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n+static int cpu_pre_load(void *opaque)\n+\n+{\n+\n CPUState *env = opaque;\n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "static int cpu_pre_load(void *opaque)\n\n{\n\n CPUState *env = opaque;\n\n\n\n cpu_synchronize_state(env);\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "bb6c67bb36b136de10256f0999128df4a42f9ffc_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,20 +1,20 @@\n+static int draw_slice(AVFilterLink *link, int y, int h, int slice_dir)\n+\n+{\n+\n+ SliceContext *slice = link->dst->priv;\n+\n+ int y2, ret = 0;\n \n+\n+\n+ if (slice_dir == 1) {\n+\n for (y2 = y; y2 + slice->h <= y + h; y2 += slice->h) {\n \n+ ret = ff_draw_slice(link->dst->outputs[0], y2, slice->h, slice_dir);\n \n+ if (ret < 0)\n \n return ret;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "static int draw_slice(AVFilterLink *link, int y, int h, int slice_dir)\n\n{\n\n SliceContext *slice = link->dst->priv;\n\n int y2, ret = 0;\n\n\n\n if (slice_dir == 1) {\n\n for (y2 = y; y2 + slice->h <= y + h; y2 += slice->h) {\n\n ret = ff_draw_slice(link->dst->outputs[0], y2, slice->h, slice_dir);\n\n if (ret < 0)\n\n return ret;\n\n }\n\n\n\n if (y2 < y + h)\n\n return ff_draw_slice(link->dst->outputs[0], y2, y + h - y2, slice_dir);\n\n } else if (slice_dir == -1) {\n\n for (y2 = y + h; y2 - slice->h >= y; y2 -= slice->h) {\n\n ret = ff_draw_slice(link->dst->outputs[0], y2 - slice->h, slice->h, slice_dir);\n\n if (ret < 0)\n\n return ret;\n\n }\n\n\n\n if (y2 > y)\n\n return ff_draw_slice(link->dst->outputs[0], y, y2 - y, slice_dir);\n\n }\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "0b8b8753e4d94901627b3e86431230f2319215c4_8", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n static void thread_pool_co_cb(void *opaque, int ret)\n \n {\n+\n ThreadPoolCo *co = opaque;\n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "static void thread_pool_co_cb(void *opaque, int ret)\n\n{\n\n ThreadPoolCo *co = opaque;\n\n\n\n co->ret = ret;\n\n qemu_coroutine_enter(co->co, NULL);\n\n}\n"}} | |
| {"sample_id": "9732baf67850dac57dfc7dc8980bf408889a8973_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n static void *thread_function(void *data)\n+\n+{\n \n GMainLoop *loop;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "static void *thread_function(void *data)\n\n{\n\n GMainLoop *loop;\n\n loop = g_main_loop_new(NULL, FALSE);\n\n g_main_loop_run(loop);\n\n return NULL;\n\n}\n"}} | |
| {"sample_id": "962b289ef35087fcd8764e4e29808d8ac90157f7", "diff": "--- a/source.c\n+++ b/source.c\n@@ -5,8 +5,8 @@\n int i;\n \n \n+\n+ for(i=0;i<nsyscalls;i++)\n \n if( scnames[i].nr == num ) {\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "print_syscall_ret(int num, abi_long ret)\n\n{\n\n int i;\n\n\n\n for(i=0;i<nsyscalls;i++)\n\n if( scnames[i].nr == num ) {\n\n if( scnames[i].result != NULL ) {\n\n scnames[i].result(&scnames[i],ret);\n\n } else {\n\n if( ret < 0 ) {\n\n gemu_log(\" = -1 errno=\" TARGET_ABI_FMT_ld \" (%s)\\n\", -ret, target_strerror(-ret));\n\n } else {\n\n gemu_log(\" = \" TARGET_ABI_FMT_ld \"\\n\", ret);\n\n }\n\n }\n\n break;\n\n }\n\n}\n"}} | |
| {"sample_id": "b425b81fd2040f173051efc0f1413f2101ba993e", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n static int sdp_probe(AVProbeData *p1)\n \n {\n+\n const char *p = p1->buf, *p_end = p1->buf + p1->buf_size;\n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "static int sdp_probe(AVProbeData *p1)\n\n{\n\n const char *p = p1->buf, *p_end = p1->buf + p1->buf_size;\n\n\n\n /* we look for a line beginning \"c=IN IP\" */\n\n while (p < p_end && *p != '\\0') {\n\n if (p + sizeof(\"c=IN IP\") - 1 < p_end &&\n\n av_strstart(p, \"c=IN IP\", NULL))\n\n return AVPROBE_SCORE_EXTENSION;\n\n\n\n while (p < p_end - 1 && *p != '\\n') p++;\n\n if (++p >= p_end)\n\n break;\n\n if (*p == '\\r')\n\n p++;\n\n }\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "016d2e1dfa21b64a524d3629fdd317d4c25bc3b8", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,14 +4,14 @@\n \n struct target_sigframe *frame;\n \n+ abi_ulong frame_addr = env->aregs[7] - 4;\n \n target_sigset_t target_set;\n \n sigset_t set;\n \n int d0, i;\n+\n \n \n if (!lock_user_struct(VERIFY_READ, frame, frame_addr, 1))", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "long do_sigreturn(CPUM68KState *env)\n\n{\n\n struct target_sigframe *frame;\n\n abi_ulong frame_addr = env->aregs[7] - 4;\n\n target_sigset_t target_set;\n\n sigset_t set;\n\n int d0, i;\n\n\n\n if (!lock_user_struct(VERIFY_READ, frame, frame_addr, 1))\n\n goto badframe;\n\n\n\n /* set blocked signals */\n\n\n\n if (__get_user(target_set.sig[0], &frame->sc.sc_mask))\n\n goto badframe;\n\n\n\n for(i = 1; i < TARGET_NSIG_WORDS; i++) {\n\n if (__get_user(target_set.sig[i], &frame->extramask[i - 1]))\n\n goto badframe;\n\n }\n\n\n\n target_to_host_sigset_internal(&set, &target_set);\n\n do_sigprocmask(SIG_SETMASK, &set, NULL);\n\n\n\n /* restore registers */\n\n\n\n if (restore_sigcontext(env, &frame->sc, &d0))\n\n goto badframe;\n\n\n\n unlock_user_struct(frame, frame_addr, 0);\n\n return d0;\n\n\n\nbadframe:\n\n unlock_user_struct(frame, frame_addr, 0);\n\n force_sig(TARGET_SIGSEGV);\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "107e4b352cc309f9bd7588ef1a44549200620078", "diff": "--- a/source.c\n+++ b/source.c\n@@ -3,8 +3,8 @@\n {\n \n PCIDevice *dev = PCI_DEVICE(r);\n+\n+ char *buf;\n \n int i;\n \n@@ -18,7 +18,7 @@\n \n DPRINTF(\"test dma buffer alloc failed\");\n \n+ return;\n \n }\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static void rocker_test_dma_ctrl(Rocker *r, uint32_t val)\n\n{\n\n PCIDevice *dev = PCI_DEVICE(r);\n\n char *buf;\n\n int i;\n\n\n\n buf = g_malloc(r->test_dma_size);\n\n\n\n if (!buf) {\n\n DPRINTF(\"test dma buffer alloc failed\");\n\n return;\n\n }\n\n\n\n switch (val) {\n\n case ROCKER_TEST_DMA_CTRL_CLEAR:\n\n memset(buf, 0, r->test_dma_size);\n\n break;\n\n case ROCKER_TEST_DMA_CTRL_FILL:\n\n memset(buf, 0x96, r->test_dma_size);\n\n break;\n\n case ROCKER_TEST_DMA_CTRL_INVERT:\n\n pci_dma_read(dev, r->test_dma_addr, buf, r->test_dma_size);\n\n for (i = 0; i < r->test_dma_size; i++) {\n\n buf[i] = ~buf[i];\n\n }\n\n break;\n\n default:\n\n DPRINTF(\"not test dma control val=0x%08x\\n\", val);\n\n goto err_out;\n\n }\n\n pci_dma_write(dev, r->test_dma_addr, buf, r->test_dma_size);\n\n\n\n rocker_msix_irq(r, ROCKER_MSIX_VEC_TEST);\n\n\n\nerr_out:\n\n g_free(buf);\n\n}\n"}} | |
| {"sample_id": "53fae6d27f342a17bdc218dc51ccccebd99f3545", "diff": "--- a/source.c\n+++ b/source.c\n@@ -14,7 +14,7 @@\n \n \tif (slirp->m_freelist.m_next == &slirp->m_freelist) {\n \n+\t\tm = (struct mbuf *)malloc(SLIRP_MSIZE);\n \n \t\tif (m == NULL) goto end_error;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "m_get(Slirp *slirp)\n\n{\n\n\tregister struct mbuf *m;\n\n\tint flags = 0;\n\n\n\n\tDEBUG_CALL(\"m_get\");\n\n\n\n\tif (slirp->m_freelist.m_next == &slirp->m_freelist) {\n\n\t\tm = (struct mbuf *)malloc(SLIRP_MSIZE);\n\n\t\tif (m == NULL) goto end_error;\n\n\t\tslirp->mbuf_alloced++;\n\n\t\tif (slirp->mbuf_alloced > MBUF_THRESH)\n\n\t\t\tflags = M_DOFREE;\n\n\t\tm->slirp = slirp;\n\n\t} else {\n\n\t\tm = slirp->m_freelist.m_next;\n\n\t\tremque(m);\n\n\t}\n\n\n\n\t/* Insert it in the used list */\n\n\tinsque(m,&slirp->m_usedlist);\n\n\tm->m_flags = (flags | M_USEDLIST);\n\n\n\n\t/* Initialise it */\n\n\tm->m_size = SLIRP_MSIZE - sizeof(struct m_hdr);\n\n\tm->m_data = m->m_dat;\n\n\tm->m_len = 0;\n\n m->m_nextpkt = NULL;\n\n m->m_prevpkt = NULL;\n\nend_error:\n\n\tDEBUG_ARG(\"m = %lx\", (long )m);\n\n\treturn m;\n\n}\n"}} | |
| {"sample_id": "ad0ebb91cd8b5fdc4a583b03645677771f420a46_12", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,14 +1,14 @@\n+int spapr_vio_check_tces(VIOsPAPRDevice *dev, target_ulong ioba,\n+\n+ target_ulong len, enum VIOsPAPR_TCEAccess access)\n+\n+{\n+\n+ int start, end, i;\n+\n \n \n+ start = ioba >> SPAPR_VIO_TCE_PAGE_SHIFT;\n \n end = (ioba + len - 1) >> SPAPR_VIO_TCE_PAGE_SHIFT;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "int spapr_vio_check_tces(VIOsPAPRDevice *dev, target_ulong ioba,\n\n target_ulong len, enum VIOsPAPR_TCEAccess access)\n\n{\n\n int start, end, i;\n\n\n\n start = ioba >> SPAPR_VIO_TCE_PAGE_SHIFT;\n\n end = (ioba + len - 1) >> SPAPR_VIO_TCE_PAGE_SHIFT;\n\n\n\n for (i = start; i <= end; i++) {\n\n if ((dev->rtce_table[i].tce & access) != access) {\n\n#ifdef DEBUG_TCE\n\n fprintf(stderr, \"FAIL on %d\\n\", i);\n\n#endif\n\n return -1;\n\n }\n\n }\n\n\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "5c720657c23afd798ae0db7c7362eb859a89ab3d_4", "diff": "--- a/source.c\n+++ b/source.c\n@@ -12,7 +12,7 @@\n \n if ((atom.size -= 5) < 0)\n \n+ return 0;\n \n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom)\n\n{\n\n int64_t start;\n\n int i, nb_chapters, str_len, version;\n\n char str[256+1];\n\n\n\n if ((atom.size -= 5) < 0)\n\n return 0;\n\n\n\n version = avio_r8(pb);\n\n avio_rb24(pb);\n\n if (version)\n\n avio_rb32(pb); // ???\n\n nb_chapters = avio_r8(pb);\n\n\n\n for (i = 0; i < nb_chapters; i++) {\n\n if (atom.size < 9)\n\n return 0;\n\n\n\n start = avio_rb64(pb);\n\n str_len = avio_r8(pb);\n\n\n\n if ((atom.size -= 9+str_len) < 0)\n\n return 0;\n\n\n\n avio_read(pb, str, str_len);\n\n str[str_len] = 0;\n\n avpriv_new_chapter(c->fc, i, (AVRational){1,10000000}, start, AV_NOPTS_VALUE, str);\n\n }\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "b5806108d20fc32b4692e721d8bd6376f4ca4a69", "diff": "--- a/source.c\n+++ b/source.c\n@@ -19,11 +19,11 @@\n \n \n if (!bkt->max) {\n+\n+ /* If bkt->max is 0 we still want to allow short bursts of I/O\n+\n+ * from the guest, otherwise every other request will be throttled\n+\n * and performance will suffer considerably. */\n \n bucket_size = (double) bkt->avg / 10;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "int64_t throttle_compute_wait(LeakyBucket *bkt)\n\n{\n\n double extra; /* the number of extra units blocking the io */\n\n double bucket_size; /* I/O before throttling to bkt->avg */\n\n double burst_bucket_size; /* Before throttling to bkt->max */\n\n\n\n if (!bkt->avg) {\n\n return 0;\n\n }\n\n\n\n if (!bkt->max) {\n\n /* If bkt->max is 0 we still want to allow short bursts of I/O\n\n * from the guest, otherwise every other request will be throttled\n\n * and performance will suffer considerably. */\n\n bucket_size = (double) bkt->avg / 10;\n\n burst_bucket_size = 0;\n\n } else {\n\n /* If we have a burst limit then we have to wait until all I/O\n\n * at burst rate has finished before throttling to bkt->avg */\n\n bucket_size = bkt->max * bkt->burst_length;\n\n burst_bucket_size = (double) bkt->max / 10;\n\n }\n\n\n\n /* If the main bucket is full then we have to wait */\n\n extra = bkt->level - bucket_size;\n\n if (extra > 0) {\n\n return throttle_do_compute_wait(bkt->avg, extra);\n\n }\n\n\n\n /* If the main bucket is not full yet we still have to check the\n\n * burst bucket in order to enforce the burst limit */\n\n if (bkt->burst_length > 1) {\n\n\n extra = bkt->burst_level - burst_bucket_size;\n\n if (extra > 0) {\n\n return throttle_do_compute_wait(bkt->max, extra);\n\n }\n\n }\n\n\n\n return 0;\n\n}"}} | |
| {"sample_id": "fb1131b674e492a5f91abd77b9fcc9a9e2b88eb7", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,11 +1,11 @@\n+static unsigned int virtqueue_get_head(VirtQueue *vq, unsigned int idx)\n+\n+{\n+\n+ unsigned int head;\n+\n \n+\n /* Grab the next descriptor number they're advertising, and increment\n \n * the index we've seen. */", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-79", "target_file": "source.c", "files": {"source.c": "static unsigned int virtqueue_get_head(VirtQueue *vq, unsigned int idx)\n\n{\n\n unsigned int head;\n\n\n\n /* Grab the next descriptor number they're advertising, and increment\n\n * the index we've seen. */\n\n head = vring_avail_ring(vq, idx % vq->vring.num);\n\n\n\n /* If their number is silly, that's a fatal mistake. */\n\n if (head >= vq->vring.num) {\n\n error_report(\"Guest says index %u is available\", head);\n\n exit(1);\n\n }\n\n\n\n return head;\n\n}\n"}} | |
| {"sample_id": "69e58af92cf90a1a0551c73880928afa6753fa5f_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -12,11 +12,11 @@\n \n if (se->vmsd == vmsd && se->opaque == opaque) {\n \n+ QTAILQ_REMOVE(&savevm_handlers, se, entry);\n+\n+\n+\n+\n qemu_free(se);\n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-79", "target_file": "source.c", "files": {"source.c": "void vmstate_unregister(DeviceState *dev, const VMStateDescription *vmsd,\n\n void *opaque)\n\n{\n\n SaveStateEntry *se, *new_se;\n\n\n\n QTAILQ_FOREACH_SAFE(se, &savevm_handlers, entry, new_se) {\n\n if (se->vmsd == vmsd && se->opaque == opaque) {\n\n QTAILQ_REMOVE(&savevm_handlers, se, entry);\n\n\n\n\n qemu_free(se);\n\n\n"}} | |
| {"sample_id": "b41d320fef705289d2b73f4949731eb2e189161d_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,7 +2,7 @@\n \n {\n \n+ long shift;\n \n int index;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-79", "target_file": "source.c", "files": {"source.c": "static void spapr_reset_htab(sPAPRMachineState *spapr)\n\n{\n\n long shift;\n\n int index;\n\n\n\n shift = kvmppc_reset_htab(spapr->htab_shift);\n\n if (shift > 0) {\n\n if (shift != spapr->htab_shift) {\n\n error_setg(&error_abort, \"Requested HTAB allocation failed during reset\");\n\n }\n\n\n\n /* Tell readers to update their file descriptor */\n\n if (spapr->htab_fd >= 0) {\n\n spapr->htab_fd_stale = true;\n\n }\n\n } else {\n\n memset(spapr->htab, 0, HTAB_SIZE(spapr));\n\n\n\n for (index = 0; index < HTAB_SIZE(spapr) / HASH_PTE_SIZE_64; index++) {\n\n DIRTY_HPTE(HPTE(spapr->htab, index));\n\n }\n\n }\n\n\n\n /* Update the RMA size if necessary */\n\n if (spapr->vrma_adjust) {\n\n spapr->rma_size = kvmppc_rma_size(spapr_node0_size(),\n\n spapr->htab_shift);\n\n }\n\n}\n"}} | |
| {"sample_id": "2c9639227766fea9a8109f82378b312a8d32a1ee", "diff": "--- a/source.c\n+++ b/source.c\n@@ -5,11 +5,11 @@\n const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pix_fmt);\n \n AVPicture dummy_pict;\n+\n+ int ret;\n+\n+\n+\n \n \n if ((ret = av_image_check_size(width, height, 0, NULL)) < 0)", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-79", "target_file": "source.c", "files": {"source.c": "int avpicture_get_size(enum AVPixelFormat pix_fmt, int width, int height)\n\n{\n\n const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(pix_fmt);\n\n AVPicture dummy_pict;\n\n int ret;\n\n\n\n\n\n if ((ret = av_image_check_size(width, height, 0, NULL)) < 0)\n\n return ret;\n\n if (desc->flags & PIX_FMT_PSEUDOPAL)\n\n // do not include palette for these pseudo-paletted formats\n\n return width * height;\n\n return avpicture_fill(&dummy_pict, NULL, pix_fmt, width, height);\n\n}"}} | |
| {"sample_id": "2f3b028c7117e03267ea7f88d0d612e70f1afc06", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,9 +1,9 @@\n static inline void json_print_item_str(WriterContext *wctx,\n+\n+ const char *key, const char *value,\n+\n+ const char *indent)\n+\n {\n \n char *key_esc = json_escape_str(key);", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-79", "target_file": "source.c", "files": {"source.c": "static inline void json_print_item_str(WriterContext *wctx,\n\n const char *key, const char *value,\n\n const char *indent)\n\n{\n\n char *key_esc = json_escape_str(key);\n\n char *value_esc = json_escape_str(value);\n\n\n\n printf(\"%s\\\"%s\\\": \\\"%s\\\"\", indent,\n\n key_esc ? key_esc : \"\",\n\n value_esc ? value_esc : \"\");\n\n av_free(key_esc);\n\n av_free(value_esc);\n\n}\n"}} | |
| {"sample_id": "cb69166bb8defaaa4b3e0a4e31de693737634a54", "diff": "--- a/source.c\n+++ b/source.c\n@@ -10,11 +10,11 @@\n \n QList *qlist;\n \n+ QString *qstr;\n+\n+\n+\n+ qdict = keyval_parse(\"a.0=null,a.1=1\", NULL, &error_abort);\n \n v = qobject_input_visitor_new_keyval(QOBJECT(qdict));\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "static void test_keyval_visit_any(void)\n\n{\n\n Visitor *v;\n\n QDict *qdict;\n\n QObject *any;\n\n QList *qlist;\n\n QString *qstr;\n\n\n\n qdict = keyval_parse(\"a.0=null,a.1=1\", NULL, &error_abort);\n\n v = qobject_input_visitor_new_keyval(QOBJECT(qdict));\n\n QDECREF(qdict);\n\n visit_start_struct(v, NULL, NULL, 0, &error_abort);\n\n visit_type_any(v, \"a\", &any, &error_abort);\n\n qlist = qobject_to_qlist(any);\n\n g_assert(qlist);\n\n qstr = qobject_to_qstring(qlist_pop(qlist));\n\n g_assert_cmpstr(qstring_get_str(qstr), ==, \"null\");\n\n\n qstr = qobject_to_qstring(qlist_pop(qlist));\n\n g_assert_cmpstr(qstring_get_str(qstr), ==, \"1\");\n\n g_assert(qlist_empty(qlist));\n\n\n\n visit_check_struct(v, &error_abort);\n\n visit_end_struct(v, NULL);\n\n visit_free(v);\n\n}"}} | |
| {"sample_id": "b0706b716769494f321a0d2bfd9fa9893992f995", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,5 +1,5 @@\n+static bool tlb_is_dirty_ram(CPUTLBEntry *tlbe)\n+\n {\n \n return (tlbe->addr_write & (TLB_INVALID_MASK|TLB_MMIO|TLB_NOTDIRTY)) == 0;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "static bool tlb_is_dirty_ram(CPUTLBEntry *tlbe)\n\n{\n\n return (tlbe->addr_write & (TLB_INVALID_MASK|TLB_MMIO|TLB_NOTDIRTY)) == 0;\n\n}\n"}} | |
| {"sample_id": "77cb0f5aafc8e6d0c6d3c339f381c9b7921648e0_9", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,13 +1,13 @@\n+static void adb_mouse_class_init(ObjectClass *oc, void *data)\n+\n+{\n+\n+ DeviceClass *dc = DEVICE_CLASS(oc);\n+\n+ ADBDeviceClass *adc = ADB_DEVICE_CLASS(oc);\n+\n+ ADBMouseClass *amc = ADB_MOUSE_CLASS(oc);\n+\n \n \n amc->parent_realize = dc->realize;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "static void adb_mouse_class_init(ObjectClass *oc, void *data)\n\n{\n\n DeviceClass *dc = DEVICE_CLASS(oc);\n\n ADBDeviceClass *adc = ADB_DEVICE_CLASS(oc);\n\n ADBMouseClass *amc = ADB_MOUSE_CLASS(oc);\n\n\n\n amc->parent_realize = dc->realize;\n\n dc->realize = adb_mouse_realizefn;\n\n set_bit(DEVICE_CATEGORY_INPUT, dc->categories);\n\n\n\n adc->devreq = adb_mouse_request;\n\n dc->reset = adb_mouse_reset;\n\n dc->vmsd = &vmstate_adb_mouse;\n\n}\n"}} | |
| {"sample_id": "c3e10c7b4377c1cbc0a4fbc12312c2cf41c0cda7_2", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n static always_inline void gen_op_subfeo (void)\n+\n {\n+\n gen_op_move_T2_T0();\n \n gen_op_subfe();", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "static always_inline void gen_op_subfeo (void)\n\n{\n\n gen_op_move_T2_T0();\n\n gen_op_subfe();\n\n gen_op_check_subfo();\n\n}\n"}} | |
| {"sample_id": "f8ed85ac992c48814d916d5df4d44f9a971c5de4_10", "diff": "--- a/source.c\n+++ b/source.c\n@@ -12,7 +12,7 @@\n \n \n \n+ /* FCode ROM */\n \n vmstate_register_ram_global(&s->rom);\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "static void cg3_realizefn(DeviceState *dev, Error **errp)\n\n{\n\n SysBusDevice *sbd = SYS_BUS_DEVICE(dev);\n\n CG3State *s = CG3(dev);\n\n int ret;\n\n char *fcode_filename;\n\n\n\n /* FCode ROM */\n\n vmstate_register_ram_global(&s->rom);\n\n fcode_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, CG3_ROM_FILE);\n\n if (fcode_filename) {\n\n ret = load_image_targphys(fcode_filename, s->prom_addr,\n\n FCODE_MAX_ROM_SIZE);\n\n g_free(fcode_filename);\n\n if (ret < 0 || ret > FCODE_MAX_ROM_SIZE) {\n\n error_report(\"cg3: could not load prom '%s'\", CG3_ROM_FILE);\n\n }\n\n }\n\n\n\n memory_region_init_ram(&s->vram_mem, NULL, \"cg3.vram\", s->vram_size,\n\n &error_abort);\n\n memory_region_set_log(&s->vram_mem, true, DIRTY_MEMORY_VGA);\n\n vmstate_register_ram_global(&s->vram_mem);\n\n sysbus_init_mmio(sbd, &s->vram_mem);\n\n\n\n sysbus_init_irq(sbd, &s->irq);\n\n\n\n s->con = graphic_console_init(DEVICE(dev), 0, &cg3_ops, s);\n\n qemu_console_resize(s->con, s->width, s->height);\n\n}\n"}} | |
| {"sample_id": "5e8e3c4c75c199aa1017db816fca02be2a9f8798", "diff": "--- a/source.c\n+++ b/source.c\n@@ -3,11 +3,11 @@\n struct virtio_gpu_ctrl_command *cmd)\n \n {\n+\n+ struct virtio_gpu_resource_unref unref;\n+\n+\n+\n \n \n VIRTIO_GPU_FILL_CMD(unref);", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-78", "target_file": "source.c", "files": {"source.c": "static void virgl_cmd_resource_unref(VirtIOGPU *g,\n\n struct virtio_gpu_ctrl_command *cmd)\n\n{\n\n struct virtio_gpu_resource_unref unref;\n\n\n\n\n\n VIRTIO_GPU_FILL_CMD(unref);\n\n trace_virtio_gpu_cmd_res_unref(unref.resource_id);\n\n\n\n\n\n\n\n\n\n virgl_renderer_resource_unref(unref.resource_id);\n"}} | |
| {"sample_id": "8be487d8f184f2f721cabeac559fb7a6cba18c95", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,7 +4,7 @@\n \n /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */\n \n+ if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) {\n \n SDRequest request;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-78", "target_file": "source.c", "files": {"source.c": "static void sdhci_end_transfer(SDHCIState *s)\n\n{\n\n /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */\n\n if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) {\n\n SDRequest request;\n\n uint8_t response[16];\n\n\n\n request.cmd = 0x0C;\n\n request.arg = 0;\n\n DPRINT_L1(\"Automatically issue CMD%d %08x\\n\", request.cmd, request.arg);\n\n sdbus_do_command(&s->sdbus, &request, response);\n\n /* Auto CMD12 response goes to the upper Response register */\n\n s->rspreg[3] = (response[0] << 24) | (response[1] << 16) |\n\n (response[2] << 8) | response[3];\n\n }\n\n\n\n s->prnsts &= ~(SDHC_DOING_READ | SDHC_DOING_WRITE |\n\n SDHC_DAT_LINE_ACTIVE | SDHC_DATA_INHIBIT |\n\n SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE);\n\n\n\n if (s->norintstsen & SDHC_NISEN_TRSCMP) {\n\n s->norintsts |= SDHC_NIS_TRSCMP;\n\n }\n\n\n\n sdhci_update_irq(s);\n\n}\n"}} | |
| {"sample_id": "a1f0cce2ac0243572ff72aa561da67fe3766a395_4", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,7 +4,7 @@\n \n SCSIGenericReq *r = (SCSIGenericReq *)opaque;\n \n+ SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, r->req.dev);\n \n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-78", "target_file": "source.c", "files": {"source.c": "static void scsi_command_complete(void *opaque, int ret)\n\n{\n\n SCSIGenericReq *r = (SCSIGenericReq *)opaque;\n\n SCSIGenericState *s = DO_UPCAST(SCSIGenericState, qdev, r->req.dev);\n\n\n\n r->req.aiocb = NULL;\n\n s->driver_status = r->io_header.driver_status;\n\n if (s->driver_status & SG_ERR_DRIVER_SENSE)\n\n s->senselen = r->io_header.sb_len_wr;\n\n\n\n if (ret != 0)\n\n r->req.status = BUSY;\n\n else {\n\n if (s->driver_status & SG_ERR_DRIVER_TIMEOUT) {\n\n r->req.status = BUSY;\n\n BADF(\"Driver Timeout\\n\");\n\n } else if (r->io_header.status)\n\n r->req.status = r->io_header.status;\n\n else if (s->driver_status & SG_ERR_DRIVER_SENSE)\n\n r->req.status = CHECK_CONDITION;\n\n else\n\n r->req.status = GOOD;\n\n }\n\n DPRINTF(\"Command complete 0x%p tag=0x%x status=%d\\n\",\n\n r, r->req.tag, r->req.status);\n\n\n\n scsi_req_complete(&r->req);\n\n}\n"}} | |
| {"sample_id": "73a1e647256b09734ce64ef7a6001a0db03f7106", "diff": "--- a/source.c\n+++ b/source.c\n@@ -13,10 +13,10 @@\n * to provide a little bit of consistency for\n * the command line */\n error_report(\"invalid argument for obsolete\");\n+ if (seccomp_start(seccomp_opts) < 0) {\n+ error_report(\"failed to install seccomp syscall filter \"\n+ \"in the kernel\");\n+#else\n+ error_report(\"seccomp support is disabled\");\n #endif\n return 0;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-78", "target_file": "source.c", "files": {"source.c": "static int parse_sandbox(void *opaque, QemuOpts *opts, Error **errp)\n{\n if (qemu_opt_get_bool(opts, \"enable\", false)) {\n#ifdef CONFIG_SECCOMP\n uint32_t seccomp_opts = QEMU_SECCOMP_SET_DEFAULT\n | QEMU_SECCOMP_SET_OBSOLETE;\n const char *value = NULL;\n value = qemu_opt_get(opts, \"obsolete\");\n if (g_str_equal(value, \"allow\")) {\n seccomp_opts &= ~QEMU_SECCOMP_SET_OBSOLETE;\n } else if (g_str_equal(value, \"deny\")) {\n /* this is the default option, this if is here\n * to provide a little bit of consistency for\n * the command line */\n error_report(\"invalid argument for obsolete\");\n if (seccomp_start(seccomp_opts) < 0) {\n error_report(\"failed to install seccomp syscall filter \"\n \"in the kernel\");\n#else\n error_report(\"seccomp support is disabled\");\n#endif\n return 0;"}} | |
| {"sample_id": "846424350b292f16b732b573273a5c1f195cd7a3", "diff": "--- a/source.c\n+++ b/source.c\n@@ -9,7 +9,7 @@\n switch (buf[0]) {\n \n case REPORT_LUNS:\n+\n if (!scsi_target_emulate_report_luns(r)) {\n \n goto illegal_request;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-78", "target_file": "source.c", "files": {"source.c": "static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf)\n\n{\n\n SCSITargetReq *r = DO_UPCAST(SCSITargetReq, req, req);\n\n\n\n switch (buf[0]) {\n\n case REPORT_LUNS:\n\n if (!scsi_target_emulate_report_luns(r)) {\n\n goto illegal_request;\n\n }\n\n break;\n\n case INQUIRY:\n\n if (!scsi_target_emulate_inquiry(r)) {\n\n goto illegal_request;\n\n }\n\n break;\n\n case REQUEST_SENSE:\n\n r->len = scsi_device_get_sense(r->req.dev, r->buf,\n\n MIN(req->cmd.xfer, sizeof r->buf),\n\n (req->cmd.buf[1] & 1) == 0);\n\n if (r->req.dev->sense_is_ua) {\n\n scsi_device_unit_attention_reported(req->dev);\n\n r->req.dev->sense_len = 0;\n\n r->req.dev->sense_is_ua = false;\n\n }\n\n break;\n\n default:\n\n scsi_req_build_sense(req, SENSE_CODE(LUN_NOT_SUPPORTED));\n\n scsi_req_complete(req, CHECK_CONDITION);\n\n return 0;\n\n illegal_request:\n\n scsi_req_build_sense(req, SENSE_CODE(INVALID_FIELD));\n\n scsi_req_complete(req, CHECK_CONDITION);\n\n return 0;\n\n }\n\n\n\n if (!r->len) {\n\n scsi_req_complete(req, GOOD);\n\n }\n\n return r->len;\n\n}\n"}} | |
| {"sample_id": "805b5d98c649d26fc44d2d7755a97f18e62b438a_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -19,11 +19,11 @@\n err = -ENOENT;\n dfidp = get_fid(pdu, dfid);\n if (dfidp == NULL) {\n+ err = -EINVAL;\n+ err = v9fs_co_symlink(pdu, dfidp, &name, symname.data, gid, &stbuf);\n+ if (err < 0) {\n+ goto out;\n+ stat_to_qid(&stbuf, &qid);\n err = pdu_marshal(pdu, offset, \"Q\", &qid);\n if (err < 0) {\n goto out;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-22", "target_file": "source.c", "files": {"source.c": "static void v9fs_symlink(void *opaque)\n{\n V9fsPDU *pdu = opaque;\n V9fsString name;\n V9fsString symname;\n V9fsFidState *dfidp;\n V9fsQID qid;\n struct stat stbuf;\n int32_t dfid;\n int err = 0;\n gid_t gid;\n size_t offset = 7;\n v9fs_string_init(&name);\n v9fs_string_init(&symname);\n err = pdu_unmarshal(pdu, offset, \"dssd\", &dfid, &name, &symname, &gid);\n if (err < 0) {\n trace_v9fs_symlink(pdu->tag, pdu->id, dfid, name.data, symname.data, gid);\n if (name_is_illegal(name.data)) {\n err = -ENOENT;\n dfidp = get_fid(pdu, dfid);\n if (dfidp == NULL) {\n err = -EINVAL;\n err = v9fs_co_symlink(pdu, dfidp, &name, symname.data, gid, &stbuf);\n if (err < 0) {\n goto out;\n stat_to_qid(&stbuf, &qid);\n err = pdu_marshal(pdu, offset, \"Q\", &qid);\n if (err < 0) {\n goto out;\n err += offset;\n trace_v9fs_symlink_return(pdu->tag, pdu->id,\n qid.type, qid.version, qid.path);\nout:\n put_fid(pdu, dfidp);\nout_nofid:\n pdu_complete(pdu, err);\n v9fs_string_free(&name);\n v9fs_string_free(&symname);"}} | |
| {"sample_id": "db431f6adc881a0758512cd765b3108209013512", "diff": "--- a/source.c\n+++ b/source.c\n@@ -26,11 +26,11 @@\n err = s->ctx.exops.get_st_gen(&s->ctx, path, st_mode,\n \n &v9stat->st_gen);\n+\n+ if (err < 0) {\n+\n+ err = -errno;\n+\n \n });\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-22", "target_file": "source.c", "files": {"source.c": "int v9fs_co_st_gen(V9fsPDU *pdu, V9fsPath *path, mode_t st_mode,\n\n V9fsStatDotl *v9stat)\n\n{\n\n int err = 0;\n\n V9fsState *s = pdu->s;\n\n\n\n if (v9fs_request_cancelled(pdu)) {\n\n return -EINTR;\n\n\n if (s->ctx.exops.get_st_gen) {\n\n v9fs_path_read_lock(s);\n\n v9fs_co_run_in_worker(\n\n {\n\n err = s->ctx.exops.get_st_gen(&s->ctx, path, st_mode,\n\n &v9stat->st_gen);\n\n if (err < 0) {\n\n err = -errno;\n\n\n });\n\n v9fs_path_unlock(s);\n\n\n\n\n\n\n return err;\n"}} | |
| {"sample_id": "12848bfc5d719bad536c5448205a3226be1fda47_3", "diff": "--- a/source.c\n+++ b/source.c\n@@ -11,7 +11,7 @@\n int fd;\n \n fd = open(rpath(fs_ctx, path), O_RDONLY);\n+\n if (fd == -1) {\n \n return -1;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-22", "target_file": "source.c", "files": {"source.c": "static ssize_t local_readlink(FsContext *fs_ctx, const char *path,\n\n char *buf, size_t bufsz)\n\n{\n\n ssize_t tsize = -1;\n\n if (fs_ctx->fs_sm == SM_MAPPED) {\n\n int fd;\n\n fd = open(rpath(fs_ctx, path), O_RDONLY);\n\n if (fd == -1) {\n\n return -1;\n\n }\n\n do {\n\n tsize = read(fd, (void *)buf, bufsz);\n\n } while (tsize == -1 && errno == EINTR);\n\n close(fd);\n\n return tsize;\n\n } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {\n\n tsize = readlink(rpath(fs_ctx, path), buf, bufsz);\n\n }\n\n return tsize;\n\n}\n"}} | |
| {"sample_id": "cdcab9d94101a6dd9ac8136c6f2cd15b6a997896", "diff": "--- a/source.c\n+++ b/source.c\n@@ -43,11 +43,11 @@\n \n }\n \n+\n+\n+ memory_region_init_alias(&nvdimm->nvdimm_mr, OBJECT(dimm),\n+\n+ \"nvdimm-memory\", mr, 0, pmem_size);\n \n nvdimm->nvdimm_mr.align = align;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-22", "target_file": "source.c", "files": {"source.c": "static void nvdimm_realize(PCDIMMDevice *dimm, Error **errp)\n\n{\n\n MemoryRegion *mr = host_memory_backend_get_memory(dimm->hostmem, errp);\n\n NVDIMMDevice *nvdimm = NVDIMM(dimm);\n\n uint64_t align, pmem_size, size = memory_region_size(mr);\n\n\n\n align = memory_region_get_alignment(mr);\n\n\n\n pmem_size = size - nvdimm->label_size;\n\n nvdimm->label_data = memory_region_get_ram_ptr(mr) + pmem_size;\n\n pmem_size = QEMU_ALIGN_DOWN(pmem_size, align);\n\n\n\n if (size <= nvdimm->label_size || !pmem_size) {\n\n HostMemoryBackend *hostmem = dimm->hostmem;\n\n char *path = object_get_canonical_path_component(OBJECT(hostmem));\n\n\n\n error_setg(errp, \"the size of memdev %s (0x%\" PRIx64 \") is too \"\n\n \"small to contain nvdimm label (0x%\" PRIx64 \") and \"\n\n \"aligned PMEM (0x%\" PRIx64 \")\",\n\n path, memory_region_size(mr), nvdimm->label_size, align);\n\n\n return;\n\n }\n\n\n\n memory_region_init_alias(&nvdimm->nvdimm_mr, OBJECT(dimm),\n\n \"nvdimm-memory\", mr, 0, pmem_size);\n\n nvdimm->nvdimm_mr.align = align;\n\n}"}} | |
| {"sample_id": "e84a4fedf74983ad0517b4754f927a96a2eea7ce", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,18 +4,18 @@\n \n WAVState *wav = opaque;\n \n+ uint8_t rlen[4];\n \n uint8_t dlen[4];\n+\n+ uint32_t datalen = wav->bytes;\n+\n+ uint32_t rifflen = datalen + 36;\n+\n+\n+\n+ if (!wav->f) {\n+\n return;\n \n }", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-22", "target_file": "source.c", "files": {"source.c": "static void wav_destroy (void *opaque)\n\n{\n\n WAVState *wav = opaque;\n\n uint8_t rlen[4];\n\n uint8_t dlen[4];\n\n uint32_t datalen = wav->bytes;\n\n uint32_t rifflen = datalen + 36;\n\n\n\n if (!wav->f) {\n\n return;\n\n }\n\n\n\n le_store (rlen, rifflen, 4);\n\n le_store (dlen, datalen, 4);\n\n\n\n qemu_fseek (wav->f, 4, SEEK_SET);\n\n qemu_put_buffer (wav->f, rlen, 4);\n\n\n\n qemu_fseek (wav->f, 32, SEEK_CUR);\n\n qemu_put_buffer (wav->f, dlen, 4);\n\n qemu_fclose (wav->f);\n\n if (wav->path) {\n\n qemu_free (wav->path);\n\n }\n\n}\n"}} | |
| {"sample_id": "7364dbdabb7824d5bde1e341bb6d928282f01c83_3", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,21 +4,21 @@\n \n const void *val;\n \n+ int err;\n \n int allow;\n \n+\n \n err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val);\n+\n if (err != SASL_OK) {\n \n+ VNC_DEBUG(\"cannot query SASL username on connection %d (%s), denying access\\n\",\n \n err, sasl_errstring(err, NULL, NULL));\n \n+ return -1;\n \n }\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-89", "target_file": "source.c", "files": {"source.c": "static int vnc_auth_sasl_check_access(VncState *vs)\n\n{\n\n const void *val;\n\n int err;\n\n int allow;\n\n\n\n err = sasl_getprop(vs->sasl.conn, SASL_USERNAME, &val);\n\n if (err != SASL_OK) {\n\n VNC_DEBUG(\"cannot query SASL username on connection %d (%s), denying access\\n\",\n\n err, sasl_errstring(err, NULL, NULL));\n\n return -1;\n\n }\n\n if (val == NULL) {\n\n VNC_DEBUG(\"no client username was found, denying access\\n\");\n\n return -1;\n\n }\n\n VNC_DEBUG(\"SASL client username %s\\n\", (const char *)val);\n\n\n\n vs->sasl.username = g_strdup((const char*)val);\n\n\n\n if (vs->vd->sasl.acl == NULL) {\n\n VNC_DEBUG(\"no ACL activated, allowing access\\n\");\n\n return 0;\n\n }\n\n\n\n allow = qemu_acl_party_is_allowed(vs->vd->sasl.acl, vs->sasl.username);\n\n\n\n VNC_DEBUG(\"SASL client %s %s by ACL\\n\", vs->sasl.username,\n\n allow ? \"allowed\" : \"denied\");\n\n return allow ? 0 : -1;\n\n}\n"}} | |
| {"sample_id": "5e39d89d20b17cf6fb7f09d181d34f17b2ae2160_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,7 +2,7 @@\n \n {\n \n+ char *cli;\n \n QDict *resp;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-89", "target_file": "source.c", "files": {"source.c": "static void test_query_cpus(const void *data)\n\n{\n\n char *cli;\n\n QDict *resp;\n\n QList *cpus;\n\n const QObject *e;\n\n\n\n cli = make_cli(data, \"-smp 8 -numa node,cpus=0-3 -numa node,cpus=4-7\");\n\n qtest_start(cli);\n\n cpus = get_cpus(&resp);\n\n g_assert(cpus);\n\n\n\n while ((e = qlist_pop(cpus))) {\n\n QDict *cpu, *props;\n\n int64_t cpu_idx, node;\n\n\n\n cpu = qobject_to_qdict(e);\n\n g_assert(qdict_haskey(cpu, \"CPU\"));\n\n g_assert(qdict_haskey(cpu, \"props\"));\n\n\n\n cpu_idx = qdict_get_int(cpu, \"CPU\");\n\n props = qdict_get_qdict(cpu, \"props\");\n\n g_assert(qdict_haskey(props, \"node-id\"));\n\n node = qdict_get_int(props, \"node-id\");\n\n if (cpu_idx >= 0 && cpu_idx < 4) {\n\n g_assert_cmpint(node, ==, 0);\n\n } else {\n\n g_assert_cmpint(node, ==, 1);\n\n }\n\n }\n\n\n\n QDECREF(resp);\n\n qtest_end();\n\n g_free(cli);\n\n}\n"}} | |
| {"sample_id": "fccd85b9f30525f88692f53134eba41f1f2d90db", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,7 +2,7 @@\n \n int *need_next_header, int *new_frame_start)\n \n+{\n \n int err;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-89", "target_file": "source.c", "files": {"source.c": "static int ac3_sync(uint64_t state, AACAC3ParseContext *hdr_info,\n\n int *need_next_header, int *new_frame_start)\n\n{\n\n int err;\n\n union {\n\n uint64_t u64;\n\n uint8_t u8[8];\n\n } tmp = { av_be2ne64(state) };\n\n AC3HeaderInfo hdr, *phdr = &hdr;\n\n GetBitContext gbc;\n\n\n\n init_get_bits(&gbc, tmp.u8+8-AC3_HEADER_SIZE, 54);\n\n err = avpriv_ac3_parse_header2(&gbc, &phdr);\n\n\n\n if(err < 0)\n\n return 0;\n\n\n\n hdr_info->sample_rate = hdr.sample_rate;\n\n hdr_info->bit_rate = hdr.bit_rate;\n\n hdr_info->channels = hdr.channels;\n\n hdr_info->channel_layout = hdr.channel_layout;\n\n hdr_info->samples = hdr.num_blocks * 256;\n\n hdr_info->service_type = hdr.bitstream_mode;\n\n if (hdr.bitstream_mode == 0x7 && hdr.channels > 1)\n\n hdr_info->service_type = AV_AUDIO_SERVICE_TYPE_KARAOKE;\n\n if(hdr.bitstream_id>10)\n\n hdr_info->codec_id = AV_CODEC_ID_EAC3;\n\n else if (hdr_info->codec_id == AV_CODEC_ID_NONE)\n\n hdr_info->codec_id = AV_CODEC_ID_AC3;\n\n\n\n *need_next_header = (hdr.frame_type != EAC3_FRAME_TYPE_AC3_CONVERT);\n\n *new_frame_start = (hdr.frame_type != EAC3_FRAME_TYPE_DEPENDENT);\n\n return hdr.frame_size;\n\n}\n"}} | |
| {"sample_id": "0cbad81f70546b58f08de3225f1eca7a8b869b09", "diff": "--- a/source.c\n+++ b/source.c\n@@ -21,11 +21,11 @@\n /* Only override when we know what the host supports */\n \n alter_insns(&pcc->insns_flags, PPC_ALTIVEC, vmx > 0);\n+\n+ alter_insns(&pcc->insns_flags2, PPC2_VSX, vmx > 1);\n+\n+ }\n+\n if (dfp != -1) {\n \n /* Only override when we know what the host supports */", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-89", "target_file": "source.c", "files": {"source.c": "static void kvmppc_host_cpu_class_init(ObjectClass *oc, void *data)\n\n{\n\n PowerPCCPUClass *pcc = POWERPC_CPU_CLASS(oc);\n\n uint32_t vmx = kvmppc_get_vmx();\n\n uint32_t dfp = kvmppc_get_dfp();\n\n\n\n\n\n /* Now fix up the class with information we can query from the host */\n\n\n\n if (vmx != -1) {\n\n /* Only override when we know what the host supports */\n\n alter_insns(&pcc->insns_flags, PPC_ALTIVEC, vmx > 0);\n\n alter_insns(&pcc->insns_flags2, PPC2_VSX, vmx > 1);\n\n }\n\n if (dfp != -1) {\n\n /* Only override when we know what the host supports */\n\n alter_insns(&pcc->insns_flags2, PPC2_DFP, dfp);\n\n }\n\n\n\n if (dcache_size != -1) {\n\n pcc->l1_dcache_size = dcache_size;\n\n }\n\n\n\n if (icache_size != -1) {\n\n pcc->l1_icache_size = icache_size;\n\n }\n\n}"}} | |
| {"sample_id": "1f95fb58137951941d8d74bd47b1635b6d2399ec", "diff": "--- a/source.c\n+++ b/source.c\n@@ -6,9 +6,9 @@\n if (s->streams[0]->codec->pix_fmt == PIX_FMT_YUV411P) {\n av_log(s, AV_LOG_ERROR, \"Warning: generating rarely used 4:1:1 YUV stream, some mjpegtools might not work.\\n\");\n else if ((s->streams[0]->codec->pix_fmt != PIX_FMT_YUV420P) &&\n+ (s->streams[0]->codec->pix_fmt != PIX_FMT_YUV422P) &&\n+ (s->streams[0]->codec->pix_fmt != PIX_FMT_GRAY8) &&\n+ (s->streams[0]->codec->pix_fmt != PIX_FMT_YUV444P)) {\n av_log(s, AV_LOG_ERROR, \"ERROR: yuv4mpeg only handles yuv444p, yuv422p, yuv420p, yuv411p and gray pixel formats. Use -pix_fmt to select one.\\n\");\n return AVERROR(EIO);\n *first_pkt = 1;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-89", "target_file": "source.c", "files": {"source.c": "static int yuv4_write_header(AVFormatContext *s)\n{\n int* first_pkt = s->priv_data;\n if (s->nb_streams != 1)\n return AVERROR(EIO);\n if (s->streams[0]->codec->pix_fmt == PIX_FMT_YUV411P) {\n av_log(s, AV_LOG_ERROR, \"Warning: generating rarely used 4:1:1 YUV stream, some mjpegtools might not work.\\n\");\n else if ((s->streams[0]->codec->pix_fmt != PIX_FMT_YUV420P) &&\n (s->streams[0]->codec->pix_fmt != PIX_FMT_YUV422P) &&\n (s->streams[0]->codec->pix_fmt != PIX_FMT_GRAY8) &&\n (s->streams[0]->codec->pix_fmt != PIX_FMT_YUV444P)) {\n av_log(s, AV_LOG_ERROR, \"ERROR: yuv4mpeg only handles yuv444p, yuv422p, yuv420p, yuv411p and gray pixel formats. Use -pix_fmt to select one.\\n\");\n return AVERROR(EIO);\n *first_pkt = 1;\n return 0;"}} | |
| {"sample_id": "ee71c984342408a357a74f65915bf66484ba445a", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,7 +2,7 @@\n \n uint64_t value, unsigned size)\n \n+{\n \n icp_pit_state *s = (icp_pit_state *)opaque;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static void icp_pit_write(void *opaque, target_phys_addr_t offset,\n\n uint64_t value, unsigned size)\n\n{\n\n icp_pit_state *s = (icp_pit_state *)opaque;\n\n int n;\n\n\n\n n = offset >> 8;\n\n if (n > 3) {\n\n hw_error(\"sp804_write: Bad timer %d\\n\", n);\n\n }\n\n\n\n arm_timer_write(s->timer[n], offset & 0xff, value);\n\n}\n"}} | |
| {"sample_id": "2caf19e90f270abe1e80a3e85acaf0eb5c9d0aac_10", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n static void FUNCC(pred4x4_128_dc)(uint8_t *_src, const uint8_t *topright, int _stride){\n \n pixel *src = (pixel*)_src;\n+\n int stride = _stride/sizeof(pixel);\n \n ((pixel4*)(src+0*stride))[0]=", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static void FUNCC(pred4x4_128_dc)(uint8_t *_src, const uint8_t *topright, int _stride){\n\n pixel *src = (pixel*)_src;\n\n int stride = _stride/sizeof(pixel);\n\n ((pixel4*)(src+0*stride))[0]=\n\n ((pixel4*)(src+1*stride))[0]=\n\n ((pixel4*)(src+2*stride))[0]=\n\n ((pixel4*)(src+3*stride))[0]= PIXEL_SPLAT_X4(1<<(BIT_DEPTH-1));\n\n}\n"}} | |
| {"sample_id": "f45cb2f43f5bb0a4122a64e61c746048b59a84ed", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n static void sync_c0_tcstatus(CPUMIPSState *cpu, int tc,\n \n target_ulong v)\n+\n {\n \n uint32_t status;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static void sync_c0_tcstatus(CPUMIPSState *cpu, int tc,\n\n target_ulong v)\n\n{\n\n uint32_t status;\n\n uint32_t tcu, tmx, tasid, tksu;\n\n uint32_t mask = ((1 << CP0St_CU3)\n\n | (1 << CP0St_CU2)\n\n | (1 << CP0St_CU1)\n\n | (1 << CP0St_CU0)\n\n | (1 << CP0St_MX)\n\n | (3 << CP0St_KSU));\n\n\n\n tcu = (v >> CP0TCSt_TCU0) & 0xf;\n\n tmx = (v >> CP0TCSt_TMX) & 0x1;\n\n tasid = v & 0xff;\n\n tksu = (v >> CP0TCSt_TKSU) & 0x3;\n\n\n\n status = tcu << CP0St_CU0;\n\n status |= tmx << CP0St_MX;\n\n status |= tksu << CP0St_KSU;\n\n\n\n cpu->CP0_Status &= ~mask;\n\n cpu->CP0_Status |= status;\n\n\n\n /* Sync the TASID with EntryHi. */\n\n cpu->CP0_EntryHi &= ~0xff;\n\n cpu->CP0_EntryHi = tasid;\n\n\n\n compute_hflags(cpu);\n\n}\n"}} | |
| {"sample_id": "b5eff355460643d09e533024360fe0522f368c07", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n+static int bdrv_rd_badreq_bytes(BlockDriverState *bs,\n+\n+ int64_t offset, int count)\n \n {\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static int bdrv_rd_badreq_bytes(BlockDriverState *bs,\n\n int64_t offset, int count)\n\n{\n\n int64_t size = bs->total_sectors << SECTOR_BITS;\n\n return\n\n count < 0 ||\n\n size < 0 ||\n\n count > size ||\n\n offset > size - count;\n\n}\n"}} | |
| {"sample_id": "c3e10c7b4377c1cbc0a4fbc12312c2cf41c0cda7_3", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,11 +1,11 @@\n void do_addmeo (void)\n \n {\n+\n+ T1 = T0;\n \n+ T0 += xer_ca + (-1);\n+\n if (likely(!((uint32_t)T1 &\n \n ((uint32_t)T1 ^ (uint32_t)T0) & (1UL << 31)))) {", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "void do_addmeo (void)\n\n{\n\n T1 = T0;\n\n T0 += xer_ca + (-1);\n\n if (likely(!((uint32_t)T1 &\n\n ((uint32_t)T1 ^ (uint32_t)T0) & (1UL << 31)))) {\n\n xer_ov = 0;\n\n } else {\n\n xer_ov = 1;\n\n xer_so = 1;\n\n }\n\n if (likely(T1 != 0))\n\n xer_ca = 1;\n\n}\n"}} | |
| {"sample_id": "2e3883d03df167b15f2acc5345eb9a7e0150a062", "diff": "--- a/source.c\n+++ b/source.c\n@@ -70,8 +70,8 @@\n \n \t--cur_byte;\n \n+ }\n+\n+ return result;\n+\n+}", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "get_field (const unsigned char *data, enum floatformat_byteorders order,\n\n unsigned int total_len, unsigned int start, unsigned int len)\n\n{\n\n unsigned long result;\n\n unsigned int cur_byte;\n\n int cur_bitshift;\n\n\n\n /* Start at the least significant part of the field. */\n\n cur_byte = (start + len) / FLOATFORMAT_CHAR_BIT;\n\n if (order == floatformat_little)\n\n cur_byte = (total_len / FLOATFORMAT_CHAR_BIT) - cur_byte - 1;\n\n cur_bitshift =\n\n ((start + len) % FLOATFORMAT_CHAR_BIT) - FLOATFORMAT_CHAR_BIT;\n\n result = *(data + cur_byte) >> (-cur_bitshift);\n\n cur_bitshift += FLOATFORMAT_CHAR_BIT;\n\n if (order == floatformat_little)\n\n ++cur_byte;\n\n else\n\n --cur_byte;\n\n\n\n /* Move towards the most significant part of the field. */\n\n while ((unsigned int) cur_bitshift < len)\n\n {\n\n if (len - cur_bitshift < FLOATFORMAT_CHAR_BIT)\n\n\t/* This is the last byte; zero out the bits which are not part of\n\n\t this field. */\n\n\tresult |=\n\n\t (*(data + cur_byte) & ((1 << (len - cur_bitshift)) - 1))\n\n\t << cur_bitshift;\n\n else\n\n\tresult |= *(data + cur_byte) << cur_bitshift;\n\n cur_bitshift += FLOATFORMAT_CHAR_BIT;\n\n if (order == floatformat_little)\n\n\t++cur_byte;\n\n else\n\n\t--cur_byte;\n\n }\n\n return result;\n\n}\n"}} | |
| {"sample_id": "52cfcb464255b4da5115408e2a6ce3327bbcb9df_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -10,11 +10,11 @@\n \n error_setg(errp, \"filter filter mirror needs 'outdev' \"\n \n+ \"property set\");\n+\n+ return;\n+\n+ }\n \n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void filter_mirror_setup(NetFilterState *nf, Error **errp)\n\n{\n\n MirrorState *s = FILTER_MIRROR(nf);\n\n\n\n if (!s->outdev) {\n\n error_setg(errp, \"filter filter mirror needs 'outdev' \"\n\n \"property set\");\n\n return;\n\n }\n\n\n\n s->chr_out = qemu_chr_find(s->outdev);\n\n if (s->chr_out == NULL) {\n\n error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,\n\n \"Device '%s' not found\", s->outdev);\n\n return;\n\n }\n\n\n\n if (qemu_chr_fe_claim(s->chr_out) != 0) {\n\n error_setg(errp, QERR_DEVICE_IN_USE, s->outdev);\n\n return;\n\n }\n\n}\n"}} | |
| {"sample_id": "4295e15aa730a95003a3639d6dad2eb1e65a59e2_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -19,11 +19,11 @@\n #endif\n \n } else {\n+\n+ qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id);\n+\n+ qxl_spice_destroy_surface_wait_complete(qxl, id);\n+\n }\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void qxl_spice_destroy_surface_wait(PCIQXLDevice *qxl, uint32_t id,\n\n qxl_async_io async)\n\n{\n\n if (async) {\n\n#if SPICE_INTERFACE_QXL_MINOR < 1\n\n abort();\n\n#else\n\n spice_qxl_destroy_surface_async(&qxl->ssd.qxl, id,\n\n (uint64_t)id);\n\n#endif\n\n } else {\n\n qxl->ssd.worker->destroy_surface_wait(qxl->ssd.worker, id);\n\n qxl_spice_destroy_surface_wait_complete(qxl, id);\n\n }\n\n}\n"}} | |
| {"sample_id": "1ff5c1a68e2784722b66ecc40e30908e87e28a3b", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,11 +1,11 @@\n static void sdl_resize(DisplayState *ds, int w, int h)\n \n {\n+\n+ int flags;\n+\n+\n+\n // printf(\"resizing to %d %d\\n\", w, h);\n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void sdl_resize(DisplayState *ds, int w, int h)\n\n{\n\n int flags;\n\n\n\n // printf(\"resizing to %d %d\\n\", w, h);\n\n\n\n flags = SDL_HWSURFACE|SDL_ASYNCBLIT|SDL_HWACCEL;\n\n flags |= SDL_RESIZABLE;\n\n if (gui_fullscreen)\n\n flags |= SDL_FULLSCREEN;\n\n screen = SDL_SetVideoMode(w, h, 0, flags);\n\n if (!screen) {\n\n fprintf(stderr, \"Could not open SDL display\\n\");\n\n exit(1);\n\n }\n\n ds->data = screen->pixels;\n\n ds->linesize = screen->pitch;\n\n ds->depth = screen->format->BitsPerPixel;\n\n ds->width = w;\n\n ds->height = h;\n\n}\n"}} | |
| {"sample_id": "465e1dadbef7596a3eb87089a66bb4ecdc26d3c4_5", "diff": "--- a/source.c\n+++ b/source.c\n@@ -3,7 +3,7 @@\n s->checksum= s->update_checksum(s->checksum, s->checksum_ptr, s->buf_ptr - s->checksum_ptr);\n \n s->checksum_ptr= NULL;\n+\n+ return s->checksum;\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "unsigned long get_checksum(ByteIOContext *s){\n\n s->checksum= s->update_checksum(s->checksum, s->checksum_ptr, s->buf_ptr - s->checksum_ptr);\n\n s->checksum_ptr= NULL;\n\n return s->checksum;\n\n}\n"}} | |
| {"sample_id": "8360544a6d3a54df1fce80f55ba4ad075a8ded54_2", "diff": "--- a/source.c\n+++ b/source.c\n@@ -8,11 +8,11 @@\n \n uint8_t v;\n \n+ if (port < s->pio.size) {\n+\n+ v = readb(s->pio_cpu_base + port);\n+\n+ } else {\n \n v = readb(s->mmio_cpu_base + port);\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static uint8_t qpci_spapr_io_readb(QPCIBus *bus, void *addr)\n\n{\n\n QPCIBusSPAPR *s = container_of(bus, QPCIBusSPAPR, bus);\n\n uint64_t port = (uintptr_t)addr;\n\n uint8_t v;\n\n if (port < s->pio.size) {\n\n v = readb(s->pio_cpu_base + port);\n\n } else {\n\n v = readb(s->mmio_cpu_base + port);\n\n }\n\n return v;\n\n}\n"}} | |
| {"sample_id": "49dfcec40349245ad365964468b67e132c3cedc7", "diff": "--- a/source.c\n+++ b/source.c\n@@ -8,10 +8,10 @@\n \n tb_invalidate_phys_range(addr, addr + length, 0);\n \n+ cpu_physical_memory_set_dirty_range_nocode(addr, length);\n+\n+ }\n+\n xen_modified_memory(addr, length);\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void invalidate_and_set_dirty(hwaddr addr,\n\n hwaddr length)\n\n{\n\n if (cpu_physical_memory_range_includes_clean(addr, length)) {\n\n tb_invalidate_phys_range(addr, addr + length, 0);\n\n cpu_physical_memory_set_dirty_range_nocode(addr, length);\n\n }\n\n xen_modified_memory(addr, length);\n\n}\n"}} | |
| {"sample_id": "560e63965232e37d1916a447125cf91c18a96930_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,9 +4,9 @@\n \n ar->wakeup.notify = acpi_notify_wakeup;\n \n+ qemu_register_wakeup_notifier(&ar->wakeup);\n+\n+ memory_region_init_io(&ar->pm1.cnt.io, &acpi_pm_cnt_ops, ar, \"acpi-cnt\", 2);\n \n memory_region_add_subregion(parent, 4, &ar->pm1.cnt.io);\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void acpi_pm1_cnt_init(ACPIREGS *ar, MemoryRegion *parent)\n\n{\n\n ar->wakeup.notify = acpi_notify_wakeup;\n\n qemu_register_wakeup_notifier(&ar->wakeup);\n\n memory_region_init_io(&ar->pm1.cnt.io, &acpi_pm_cnt_ops, ar, \"acpi-cnt\", 2);\n\n memory_region_add_subregion(parent, 4, &ar->pm1.cnt.io);\n\n}\n"}} | |
| {"sample_id": "659d4ba5af5d72716ee370bb367c741bd15e75b4_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -14,11 +14,11 @@\n \n \n \n+ \"movq %%mm3, %1 \\n\\t\"\n+\n+ \"movq %%mm4, %2 \\n\\t\"\n+\n+ \"movq %%mm5, %0 \\n\\t\"\n \n \"movq %%mm6, %3 \\n\\t\"\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void h263_v_loop_filter_mmx(uint8_t *src, int stride, int qscale)\n\n{\n\n if (CONFIG_H263_DECODER || CONFIG_H263_ENCODER) {\n\n const int strength = ff_h263_loop_filter_strength[qscale];\n\n\n\n __asm__ volatile (\n\n H263_LOOP_FILTER\n\n\n\n \"movq %%mm3, %1 \\n\\t\"\n\n \"movq %%mm4, %2 \\n\\t\"\n\n \"movq %%mm5, %0 \\n\\t\"\n\n \"movq %%mm6, %3 \\n\\t\"\n\n : \"+m\"(*(uint64_t*)(src - 2 * stride)),\n\n \"+m\"(*(uint64_t*)(src - 1 * stride)),\n\n \"+m\"(*(uint64_t*)(src + 0 * stride)),\n\n \"+m\"(*(uint64_t*)(src + 1 * stride))\n\n : \"g\"(2 * strength), \"m\"(ff_pb_FC)\n\n );\n\n }\n\n}\n"}} | |
| {"sample_id": "61007b316cd71ee7333ff7a0a749a8949527575f_65", "diff": "--- a/source.c\n+++ b/source.c\n@@ -12,11 +12,11 @@\n \n }\n \n+ /* bbbb aaaa */\n+\n+ if (req->overlap_offset >= offset + bytes) {\n+\n+ return false;\n \n }\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static bool tracked_request_overlaps(BdrvTrackedRequest *req,\n\n int64_t offset, unsigned int bytes)\n\n{\n\n /* aaaa bbbb */\n\n if (offset >= req->overlap_offset + req->overlap_bytes) {\n\n return false;\n\n }\n\n /* bbbb aaaa */\n\n if (req->overlap_offset >= offset + bytes) {\n\n return false;\n\n }\n\n return true;\n\n}\n"}} | |
| {"sample_id": "751ebd76e654bd1e65da08ecf694325282b4cfcc", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n void block_job_pause(BlockJob *job)\n \n+{\n \n job->paused = true;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void block_job_pause(BlockJob *job)\n\n{\n\n job->paused = true;\n\n}\n"}} | |
| {"sample_id": "74bd0cf49c9c0bee8d4f3d3a98a7343c2ff5b94c", "diff": "--- a/source.c\n+++ b/source.c\n@@ -53,11 +53,11 @@\n wctx->nb_section_packet_frame : wctx->nb_item[wctx->level-1];\n \n av_bprintf(&buf, \".%d\", n);\n+\n+ }\n+\n+\n+\n if (!(section->flags & (SECTION_FLAG_IS_ARRAY|SECTION_FLAG_IS_WRAPPER)))\n \n printf(\"[%s]\\n\", buf.str);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void ini_print_section_header(WriterContext *wctx)\n\n{\n\n INIContext *ini = wctx->priv;\n\n AVBPrint buf;\n\n int i;\n\n const struct section *section = wctx->section[wctx->level];\n\n const struct section *parent_section = wctx->level ?\n\n wctx->section[wctx->level-1] : NULL;\n\n\n\n av_bprint_init(&buf, 1, AV_BPRINT_SIZE_UNLIMITED);\n\n if (wctx->level == 0) {\n\n printf(\"# ffprobe output\\n\\n\");\n\n return;\n\n }\n\n\n\n if (wctx->nb_item[wctx->level-1])\n\n printf(\"\\n\");\n\n\n\n for (i = 1; i <= wctx->level; i++) {\n\n if (ini->hierarchical ||\n\n !(section->flags & (SECTION_FLAG_IS_ARRAY|SECTION_FLAG_IS_WRAPPER)))\n\n av_bprintf(&buf, \"%s%s\", i>1 ? \".\" : \"\", wctx->section[i]->name);\n\n }\n\n\n\n if (parent_section->flags & SECTION_FLAG_IS_ARRAY) {\n\n int n = parent_section->id == SECTION_ID_PACKETS_AND_FRAMES ?\n\n wctx->nb_section_packet_frame : wctx->nb_item[wctx->level-1];\n\n av_bprintf(&buf, \".%d\", n);\n\n }\n\n\n\n if (!(section->flags & (SECTION_FLAG_IS_ARRAY|SECTION_FLAG_IS_WRAPPER)))\n\n printf(\"[%s]\\n\", buf.str);\n\n av_bprint_finalize(&buf, NULL);\n\n}\n"}} | |
| {"sample_id": "c2b38b277a7882a592f4f2ec955084b2b756daaa_27", "diff": "--- a/source.c\n+++ b/source.c\n@@ -9,9 +9,9 @@\n QLIST_REMOVE(timer_list, list);\n \n }\n+\n+ qemu_mutex_destroy(&timer_list->active_timers_lock);\n+\n+ g_free(timer_list);\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void timerlist_free(QEMUTimerList *timer_list)\n\n{\n\n assert(!timerlist_has_timers(timer_list));\n\n if (timer_list->clock) {\n\n QLIST_REMOVE(timer_list, list);\n\n }\n\n qemu_mutex_destroy(&timer_list->active_timers_lock);\n\n g_free(timer_list);\n\n}\n"}} | |
| {"sample_id": "a8170e5e97ad17ca169c64ba87ae2f53850dab4c_187", "diff": "--- a/source.c\n+++ b/source.c\n@@ -6,10 +6,10 @@\n \n uint32_t val;\n \n+ PCIBonitoState *s = opaque;\n+\n+\n+\n val = ((uint32_t *)(&s->bonldma))[addr/sizeof(uint32_t)];\n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static uint64_t bonito_ldma_readl(void *opaque, target_phys_addr_t addr,\n\n unsigned size)\n\n{\n\n uint32_t val;\n\n PCIBonitoState *s = opaque;\n\n\n\n val = ((uint32_t *)(&s->bonldma))[addr/sizeof(uint32_t)];\n\n\n\n return val;\n\n}\n"}} | |
| {"sample_id": "67fa02ed794f9505bd9c3584c14bfb61c895f5bc_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,5 +1,5 @@\n static inline void celt_encode_pulses(OpusRangeCoder *rc, int *y, uint32_t N, uint32_t K)\n+\n {\n \n ff_opus_rc_enc_uint(rc, celt_icwrsi(N, y), CELT_PVQ_V(N, K));", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static inline void celt_encode_pulses(OpusRangeCoder *rc, int *y, uint32_t N, uint32_t K)\n\n{\n\n ff_opus_rc_enc_uint(rc, celt_icwrsi(N, y), CELT_PVQ_V(N, K));\n\n}\n"}} | |
| {"sample_id": "a3adb7ad3bd9c517d569e7e23b249e7f7d616015", "diff": "--- a/source.c\n+++ b/source.c\n@@ -34,10 +34,10 @@\n \n \"When using -nographic, press 'ctrl-a h' to get some help.\\n\",\n \n+ error_get_progname(),\n+\n+ options_help);\n+\n+ exit(exitcode);\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void help(int exitcode)\n\n{\n\n const char *options_help =\n\n#define QEMU_OPTIONS_GENERATE_HELP\n\n#include \"qemu-options-wrapper.h\"\n\n ;\n\n version();\n\n printf(\"usage: %s [options] [disk_image]\\n\"\n\n \"\\n\"\n\n \"'disk_image' is a raw hard disk image for IDE hard disk 0\\n\"\n\n \"\\n\"\n\n \"%s\\n\"\n\n \"During emulation, the following keys are useful:\\n\"\n\n \"ctrl-alt-f toggle full screen\\n\"\n\n \"ctrl-alt-n switch to virtual console 'n'\\n\"\n\n \"ctrl-alt toggle mouse and keyboard grab\\n\"\n\n \"\\n\"\n\n \"When using -nographic, press 'ctrl-a h' to get some help.\\n\",\n\n error_get_progname(),\n\n options_help);\n\n exit(exitcode);\n\n}\n"}} | |
| {"sample_id": "b3db211f3c80bb996a704d665fe275619f728bd4_16", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,8 +2,8 @@\n \n const void *unused)\n \n+{\n+\n test_native_list_integer_helper(data, unused,\n \n USER_DEF_NATIVE_LIST_UNION_KIND_U32);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void test_visitor_in_native_list_uint32(TestInputVisitorData *data,\n\n const void *unused)\n\n{\n\n test_native_list_integer_helper(data, unused,\n\n USER_DEF_NATIVE_LIST_UNION_KIND_U32);\n\n}\n"}} | |
| {"sample_id": "b3db211f3c80bb996a704d665fe275619f728bd4_62", "diff": "--- a/source.c\n+++ b/source.c\n@@ -11,11 +11,11 @@\n \n \n if (data->qiv) {\n+\n+ visit_free(data->qiv);\n+\n+ data->qiv = NULL;\n+\n }\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void validate_teardown(TestInputVisitorData *data,\n\n const void *unused)\n\n{\n\n qobject_decref(data->obj);\n\n data->obj = NULL;\n\n\n\n if (data->qiv) {\n\n visit_free(data->qiv);\n\n data->qiv = NULL;\n\n }\n\n}\n"}} | |
| {"sample_id": "72cf2d4f0e181d0d3a3122e04129c58a95da713e_94", "diff": "--- a/source.c\n+++ b/source.c\n@@ -40,11 +40,11 @@\n \n i++;\n \n+ if (i == index) {\n+\n+ TAILQ_INSERT_BEFORE(tmp, entry, next);\n+\n+ acl->nentries++;\n \n break;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "int qemu_acl_insert(qemu_acl *acl,\n\n int deny,\n\n const char *match,\n\n int index)\n\n{\n\n qemu_acl_entry *entry;\n\n qemu_acl_entry *tmp;\n\n int i = 0;\n\n\n\n if (index <= 0)\n\n return -1;\n\n if (index >= acl->nentries)\n\n return qemu_acl_append(acl, deny, match);\n\n\n\n\n\n entry = qemu_malloc(sizeof(*entry));\n\n entry->match = qemu_strdup(match);\n\n entry->deny = deny;\n\n\n\n TAILQ_FOREACH(tmp, &acl->entries, next) {\n\n i++;\n\n if (i == index) {\n\n TAILQ_INSERT_BEFORE(tmp, entry, next);\n\n acl->nentries++;\n\n break;\n\n }\n\n }\n\n\n\n return i;\n\n}\n"}} | |
| {"sample_id": "13a099799e89a76eb921ca452e1b04a7a28a9855_15", "diff": "--- a/source.c\n+++ b/source.c\n@@ -3,11 +3,11 @@\n const int16_t *chrUSrc, const int16_t *chrVSrc,\n \n const int16_t *alpSrc,\n+\n+ uint8_t *dest, uint8_t *uDest, uint8_t *vDest,\n+\n+ uint8_t *aDest, int dstW, int chrDstW)\n+\n {\n \n int p= 4;", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void RENAME(yuv2yuv1_ar)(SwsContext *c, const int16_t *lumSrc,\n\n const int16_t *chrUSrc, const int16_t *chrVSrc,\n\n const int16_t *alpSrc,\n\n uint8_t *dest, uint8_t *uDest, uint8_t *vDest,\n\n uint8_t *aDest, int dstW, int chrDstW)\n\n{\n\n int p= 4;\n\n const int16_t *src[4]= { alpSrc + dstW, lumSrc + dstW, chrUSrc + chrDstW, chrVSrc + chrDstW };\n\n uint8_t *dst[4]= { aDest, dest, uDest, vDest };\n\n x86_reg counter[4]= { dstW, dstW, chrDstW, chrDstW };\n\n\n\n while (p--) {\n\n if (dst[p]) {\n\n __asm__ volatile(\n\n \"mov %2, %%\"REG_a\" \\n\\t\"\n\n \"pcmpeqw %%mm7, %%mm7 \\n\\t\"\n\n \"psrlw $15, %%mm7 \\n\\t\"\n\n \"psllw $6, %%mm7 \\n\\t\"\n\n \".p2align 4 \\n\\t\" /* FIXME Unroll? */\n\n \"1: \\n\\t\"\n\n \"movq (%0, %%\"REG_a\", 2), %%mm0 \\n\\t\"\n\n \"movq 8(%0, %%\"REG_a\", 2), %%mm1 \\n\\t\"\n\n \"paddsw %%mm7, %%mm0 \\n\\t\"\n\n \"paddsw %%mm7, %%mm1 \\n\\t\"\n\n \"psraw $7, %%mm0 \\n\\t\"\n\n \"psraw $7, %%mm1 \\n\\t\"\n\n \"packuswb %%mm1, %%mm0 \\n\\t\"\n\n MOVNTQ(%%mm0, (%1, %%REGa))\n\n \"add $8, %%\"REG_a\" \\n\\t\"\n\n \"jnc 1b \\n\\t\"\n\n :: \"r\" (src[p]), \"r\" (dst[p] + counter[p]),\n\n \"g\" (-counter[p])\n\n : \"%\"REG_a\n\n );\n\n }\n\n }\n\n}\n"}} | |
| {"sample_id": "37f51384ae05bd50f83308339dbffa3e78404874_4", "diff": "--- a/source.c\n+++ b/source.c\n@@ -5,11 +5,11 @@\n bool notify_unmap)\n \n {\n+\n+ dma_addr_t addr = vtd_ce_get_slpt_base(ce);\n+\n+ uint32_t level = vtd_ce_get_level(ce);\n+\n \n \n if (!vtd_iova_range_check(start, ce)) {", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int vtd_page_walk(VTDContextEntry *ce, uint64_t start, uint64_t end,\n\n vtd_page_walk_hook hook_fn, void *private,\n\n bool notify_unmap)\n\n{\n\n dma_addr_t addr = vtd_ce_get_slpt_base(ce);\n\n uint32_t level = vtd_ce_get_level(ce);\n\n\n\n if (!vtd_iova_range_check(start, ce)) {\n\n return -VTD_FR_ADDR_BEYOND_MGAW;\n\n }\n\n\n\n if (!vtd_iova_range_check(end, ce)) {\n\n /* Fix end so that it reaches the maximum */\n\n end = vtd_iova_limit(ce);\n\n }\n\n\n\n return vtd_page_walk_level(addr, start, end, hook_fn, private,\n\n level, true, true, notify_unmap);\n\n}\n"}} | |
| {"sample_id": "1f01e50b8330c24714ddca5841fdbb703076b121_6", "diff": "--- a/source.c\n+++ b/source.c\n@@ -42,11 +42,11 @@\n \n }\n \n+\n+\n+ BLKDBG_EVENT(bs->file, BLKDBG_READ_AIO);\n+\n+ ret = bdrv_co_preadv(bs->file, offset, acb->cur_qiov.size,\n \n &acb->cur_qiov, 0);\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int coroutine_fn qed_aio_read_data(void *opaque, int ret,\n\n uint64_t offset, size_t len)\n\n{\n\n QEDAIOCB *acb = opaque;\n\n BDRVQEDState *s = acb_to_s(acb);\n\n BlockDriverState *bs = acb->bs;\n\n\n\n /* Adjust offset into cluster */\n\n offset += qed_offset_into_cluster(s, acb->cur_pos);\n\n\n\n trace_qed_aio_read_data(s, acb, ret, offset, len);\n\n\n\n qemu_iovec_concat(&acb->cur_qiov, acb->qiov, acb->qiov_offset, len);\n\n\n\n /* Handle zero cluster and backing file reads */\n\n if (ret == QED_CLUSTER_ZERO) {\n\n qemu_iovec_memset(&acb->cur_qiov, 0, 0, acb->cur_qiov.size);\n\n return 0;\n\n } else if (ret != QED_CLUSTER_FOUND) {\n\n return qed_read_backing_file(s, acb->cur_pos, &acb->cur_qiov,\n\n &acb->backing_qiov);\n\n }\n\n\n\n BLKDBG_EVENT(bs->file, BLKDBG_READ_AIO);\n\n ret = bdrv_co_preadv(bs->file, offset, acb->cur_qiov.size,\n\n &acb->cur_qiov, 0);\n\n if (ret < 0) {\n\n return ret;\n\n }\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "e046fb449947a48e013bf25d806ecb60e5a88319", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,11 +1,11 @@\n static int io_channel_send_full(QIOChannel *ioc,\n \n const void *buf, size_t len,\n+\n+ int *fds, size_t nfds)\n+\n+{\n+\n size_t offset = 0;\n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int io_channel_send_full(QIOChannel *ioc,\n\n const void *buf, size_t len,\n\n int *fds, size_t nfds)\n\n{\n\n size_t offset = 0;\n\n\n\n while (offset < len) {\n\n ssize_t ret = 0;\n\n struct iovec iov = { .iov_base = (char *)buf + offset,\n\n .iov_len = len - offset };\n\n\n\n ret = qio_channel_writev_full(\n\n ioc, &iov, 1,\n\n fds, nfds, NULL);\n\n if (ret == QIO_CHANNEL_ERR_BLOCK) {\n\n errno = EAGAIN;\n\n return -1;\n\n } else if (ret < 0) {\n\n if (offset) {\n\n return offset;\n\n }\n\n\n\n errno = EINVAL;\n\n return -1;\n\n }\n\n\n\n offset += ret;\n\n }\n\n\n\n return offset;\n\n}\n"}} | |
| {"sample_id": "a8170e5e97ad17ca169c64ba87ae2f53850dab4c_258", "diff": "--- a/source.c\n+++ b/source.c\n@@ -49,11 +49,11 @@\n case 0x54: /* SCU Non-secure Access Control Register */\n \n /* unimplemented, fall through */\n+\n+ default:\n+\n+ return 0;\n+\n }\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static uint64_t a9_scu_read(void *opaque, target_phys_addr_t offset,\n\n unsigned size)\n\n{\n\n a9mp_priv_state *s = (a9mp_priv_state *)opaque;\n\n switch (offset) {\n\n case 0x00: /* Control */\n\n return s->scu_control;\n\n case 0x04: /* Configuration */\n\n return (((1 << s->num_cpu) - 1) << 4) | (s->num_cpu - 1);\n\n case 0x08: /* CPU Power Status */\n\n return s->scu_status;\n\n case 0x09: /* CPU status. */\n\n return s->scu_status >> 8;\n\n case 0x0a: /* CPU status. */\n\n return s->scu_status >> 16;\n\n case 0x0b: /* CPU status. */\n\n return s->scu_status >> 24;\n\n case 0x0c: /* Invalidate All Registers In Secure State */\n\n return 0;\n\n case 0x40: /* Filtering Start Address Register */\n\n case 0x44: /* Filtering End Address Register */\n\n /* RAZ/WI, like an implementation with only one AXI master */\n\n return 0;\n\n case 0x50: /* SCU Access Control Register */\n\n case 0x54: /* SCU Non-secure Access Control Register */\n\n /* unimplemented, fall through */\n\n default:\n\n return 0;\n\n }\n\n}\n"}} | |
| {"sample_id": "9d4c0f4f0a71e74fd7e04d73620268484d693adf_4", "diff": "--- a/source.c\n+++ b/source.c\n@@ -22,11 +22,11 @@\n \n if (spapr_drc_type(drc) != SPAPR_DR_CONNECTOR_TYPE_PCI &&\n \n+ drc->allocation_state != SPAPR_DR_ALLOCATION_STATE_UNUSABLE) {\n+\n+ trace_spapr_drc_awaiting_unusable(spapr_drc_index(drc));\n+\n+ return;\n \n }\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void spapr_drc_detach(sPAPRDRConnector *drc)\n\n{\n\n trace_spapr_drc_detach(spapr_drc_index(drc));\n\n\n\n drc->unplug_requested = true;\n\n\n\n if (drc->isolation_state != SPAPR_DR_ISOLATION_STATE_ISOLATED) {\n\n trace_spapr_drc_awaiting_isolated(spapr_drc_index(drc));\n\n return;\n\n }\n\n\n\n if (spapr_drc_type(drc) != SPAPR_DR_CONNECTOR_TYPE_PCI &&\n\n drc->allocation_state != SPAPR_DR_ALLOCATION_STATE_UNUSABLE) {\n\n trace_spapr_drc_awaiting_unusable(spapr_drc_index(drc));\n\n return;\n\n }\n\n\n\n spapr_drc_release(drc);\n\n}\n"}} | |
| {"sample_id": "e3f5ec2b5e92706e3b807059f79b1fb5d936e567_18", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,9 +1,9 @@\n int qemu_can_send_packet(VLANClientState *sender)\n+\n+{\n+\n+ VLANState *vlan = sender->vlan;\n+\n VLANClientState *vc;\n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "int qemu_can_send_packet(VLANClientState *sender)\n\n{\n\n VLANState *vlan = sender->vlan;\n\n VLANClientState *vc;\n\n\n\n for (vc = vlan->first_client; vc != NULL; vc = vc->next) {\n\n if (vc == sender) {\n\n continue;\n\n }\n\n\n\n /* no can_receive() handler, they can always receive */\n\n if (!vc->can_receive || vc->can_receive(vc->opaque)) {\n\n return 1;\n\n }\n\n }\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "a89f364ae8740dfc31b321eed9ee454e996dc3c1_24", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,11 +1,11 @@\n static void tc6393xb_gpio_set(void *opaque, int line, int level)\n \n {\n+\n+// TC6393xbState *s = opaque;\n+\n+\n+\n if (line > TC6393XB_GPIOS) {\n \n printf(\"%s: No GPIO pin %i\\n\", __FUNCTION__, line);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void tc6393xb_gpio_set(void *opaque, int line, int level)\n\n{\n\n// TC6393xbState *s = opaque;\n\n\n\n if (line > TC6393XB_GPIOS) {\n\n printf(\"%s: No GPIO pin %i\\n\", __FUNCTION__, line);\n\n return;\n\n }\n\n\n\n // FIXME: how does the chip reflect the GPIO input level change?\n\n}\n"}} | |
| {"sample_id": "c2b38b277a7882a592f4f2ec955084b2b756daaa_30", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,5 +1,5 @@\n static void event_notifier_dummy_cb(EventNotifier *e)\n+\n {\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void event_notifier_dummy_cb(EventNotifier *e)\n\n{\n\n}\n"}} | |
| {"sample_id": "cdbf6e165988ab9d7c01da03b9e27bb8ac0c76aa_2", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,9 +1,9 @@\n static gboolean pty_chr_read(GIOChannel *chan, GIOCondition cond, void *opaque)\n+\n+{\n+\n+ CharDriverState *chr = opaque;\n+\n PtyCharDriver *s = chr->opaque;\n \n gsize size, len;", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static gboolean pty_chr_read(GIOChannel *chan, GIOCondition cond, void *opaque)\n\n{\n\n CharDriverState *chr = opaque;\n\n PtyCharDriver *s = chr->opaque;\n\n gsize size, len;\n\n uint8_t buf[READ_BUF_LEN];\n\n GIOStatus status;\n\n\n\n len = sizeof(buf);\n\n if (len > s->read_bytes)\n\n len = s->read_bytes;\n\n if (len == 0)\n\n return FALSE;\n\n status = g_io_channel_read_chars(s->fd, (gchar *)buf, len, &size, NULL);\n\n if (status != G_IO_STATUS_NORMAL) {\n\n pty_chr_state(chr, 0);\n\n return FALSE;\n\n } else {\n\n pty_chr_state(chr, 1);\n\n qemu_chr_be_write(chr, buf, size);\n\n }\n\n return TRUE;\n\n}\n"}} | |
| {"sample_id": "fae2afb10e3fdceab612c62a2b1e8b944ff578d9_3", "diff": "--- a/source.c\n+++ b/source.c\n@@ -10,11 +10,11 @@\n \n qxl_name(qxl_cursor_cmd, cmd->type));\n \n+ switch (cmd->type) {\n+\n+ case QXL_CURSOR_SET:\n+\n+ fprintf(stderr, \" +%d+%d visible %s, shape @ 0x%\" PRIx64,\n \n cmd->u.set.position.x,\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id)\n\n{\n\n QXLCursor *cursor;\n\n\n\n fprintf(stderr, \": %s\",\n\n qxl_name(qxl_cursor_cmd, cmd->type));\n\n switch (cmd->type) {\n\n case QXL_CURSOR_SET:\n\n fprintf(stderr, \" +%d+%d visible %s, shape @ 0x%\" PRIx64,\n\n cmd->u.set.position.x,\n\n cmd->u.set.position.y,\n\n cmd->u.set.visible ? \"yes\" : \"no\",\n\n cmd->u.set.shape);\n\n cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id);\n\n fprintf(stderr, \" type %s size %dx%d hot-spot +%d+%d\"\n\n \" unique 0x%\" PRIx64 \" data-size %d\",\n\n qxl_name(spice_cursor_type, cursor->header.type),\n\n cursor->header.width, cursor->header.height,\n\n cursor->header.hot_spot_x, cursor->header.hot_spot_y,\n\n cursor->header.unique, cursor->data_size);\n\n break;\n\n case QXL_CURSOR_MOVE:\n\n fprintf(stderr, \" +%d+%d\", cmd->u.position.x, cmd->u.position.y);\n\n break;\n\n }\n\n}\n"}} | |
| {"sample_id": "5d259fc7da83249a4f78fe32de2bc2874a997a9f", "diff": "--- a/source.c\n+++ b/source.c\n@@ -27,11 +27,11 @@\n \n \n if (iscsilun->bl.max_ws_len < 0xffffffff) {\n+\n+ bs->bl.max_write_zeroes = sector_lun2qemu(iscsilun->bl.max_ws_len,\n+\n+ iscsilun);\n+\n }\n \n bs->bl.write_zeroes_alignment = sector_lun2qemu(iscsilun->bl.opt_unmap_gran,", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int iscsi_refresh_limits(BlockDriverState *bs)\n\n{\n\n IscsiLun *iscsilun = bs->opaque;\n\n\n\n /* We don't actually refresh here, but just return data queried in\n\n * iscsi_open(): iscsi targets don't change their limits. */\n\n if (iscsilun->lbp.lbpu || iscsilun->lbp.lbpws) {\n\n if (iscsilun->bl.max_unmap < 0xffffffff) {\n\n bs->bl.max_discard = sector_lun2qemu(iscsilun->bl.max_unmap,\n\n iscsilun);\n\n }\n\n bs->bl.discard_alignment = sector_lun2qemu(iscsilun->bl.opt_unmap_gran,\n\n iscsilun);\n\n\n\n if (iscsilun->bl.max_ws_len < 0xffffffff) {\n\n bs->bl.max_write_zeroes = sector_lun2qemu(iscsilun->bl.max_ws_len,\n\n iscsilun);\n\n }\n\n bs->bl.write_zeroes_alignment = sector_lun2qemu(iscsilun->bl.opt_unmap_gran,\n\n iscsilun);\n\n\n\n bs->bl.opt_transfer_length = sector_lun2qemu(iscsilun->bl.opt_xfer_len,\n\n iscsilun);\n\n }\n\n return 0;\n\n}\n"}} | |
| {"sample_id": "74b4c74d5efb0a489bdf0acc5b5d0197167e7649_3", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,11 +4,11 @@\n \n S390CPU *cpu = S390_CPU(cs);\n \n+ SigpInfo *si = arg.host_ptr;\n+\n+\n+\n+ if (s390_cpu_get_state(cpu) != CPU_STATE_OPERATING) {\n \n si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void sigp_stop(CPUState *cs, run_on_cpu_data arg)\n\n{\n\n S390CPU *cpu = S390_CPU(cs);\n\n SigpInfo *si = arg.host_ptr;\n\n\n\n if (s390_cpu_get_state(cpu) != CPU_STATE_OPERATING) {\n\n si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;\n\n return;\n\n }\n\n\n\n /* disabled wait - sleeping in user space */\n\n if (cs->halted) {\n\n s390_cpu_set_state(CPU_STATE_STOPPED, cpu);\n\n } else {\n\n /* execute the stop function */\n\n cpu->env.sigp_order = SIGP_STOP;\n\n cpu_inject_stop(cpu);\n\n }\n\n si->cc = SIGP_CC_ORDER_CODE_ACCEPTED;\n\n}\n"}} | |
| {"sample_id": "2aab7c2dfaca4386c38e5d565cd2bf73096bcc86_8", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,5 +1,5 @@\n+void ff_put_h264_qpel8_mc13_msa(uint8_t *dst, const uint8_t *src,\n+\n ptrdiff_t stride)\n \n {", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void ff_put_h264_qpel8_mc13_msa(uint8_t *dst, const uint8_t *src,\n\n ptrdiff_t stride)\n\n{\n\n avc_luma_hv_qrt_8w_msa(src + stride - 2,\n\n src - (stride * 2), stride, dst, stride, 8);\n\n}\n"}} | |
| {"sample_id": "897fa7cff21a98b260a5b3e73eae39273fa60272_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -12,11 +12,11 @@\n \n }\n \n+\n+\n+ /* Treat zero as compatibility all valid */\n+\n+ if (!mr->ops->valid.max_access_size) {\n \n return true;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static bool memory_region_access_valid(MemoryRegion *mr,\n\n target_phys_addr_t addr,\n\n unsigned size)\n\n{\n\n if (!mr->ops->valid.unaligned && (addr & (size - 1))) {\n\n return false;\n\n }\n\n\n\n /* Treat zero as compatibility all valid */\n\n if (!mr->ops->valid.max_access_size) {\n\n return true;\n\n }\n\n\n\n if (size > mr->ops->valid.max_access_size\n\n || size < mr->ops->valid.min_access_size) {\n\n return false;\n\n }\n\n return true;\n\n}\n"}} | |
| {"sample_id": "a911a182a6bfd3b0257b13f862b0d4fbd9392715", "diff": "--- a/source.c\n+++ b/source.c\n@@ -8,11 +8,11 @@\n \n /*\n \n+ * Don't free the fid if it is in reclaim list\n+\n+ */\n+\n+ if (!fidp->ref && fidp->clunked) {\n \n if (fidp->fid == pdu->s->root_fid) {\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void put_fid(V9fsPDU *pdu, V9fsFidState *fidp)\n\n{\n\n BUG_ON(!fidp->ref);\n\n fidp->ref--;\n\n /*\n\n * Don't free the fid if it is in reclaim list\n\n */\n\n if (!fidp->ref && fidp->clunked) {\n\n if (fidp->fid == pdu->s->root_fid) {\n\n /*\n\n * if the clunked fid is root fid then we\n\n * have unmounted the fs on the client side.\n\n * delete the migration blocker. Ideally, this\n\n * should be hooked to transport close notification\n\n */\n\n if (pdu->s->migration_blocker) {\n\n migrate_del_blocker(pdu->s->migration_blocker);\n\n error_free(pdu->s->migration_blocker);\n\n pdu->s->migration_blocker = NULL;\n\n }\n\n }\n\n free_fid(pdu, fidp);\n\n }\n\n}\n"}} | |
| {"sample_id": "8d5c773e323b22402abdd0beef4c7d2fc91dd0eb_2", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,10 +1,10 @@\n static void fcse_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)\n \n+{\n+\n+ ARMCPU *cpu = arm_env_get_cpu(env);\n+\n+\n \n if (env->cp15.c13_fcse != value) {\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void fcse_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value)\n\n{\n\n ARMCPU *cpu = arm_env_get_cpu(env);\n\n\n\n if (env->cp15.c13_fcse != value) {\n\n /* Unlike real hardware the qemu TLB uses virtual addresses,\n\n * not modified virtual addresses, so this causes a TLB flush.\n\n */\n\n tlb_flush(CPU(cpu), 1);\n\n env->cp15.c13_fcse = value;\n\n }\n\n}\n"}} | |
| {"sample_id": "082cf97106e2e94a969877d4f8c05c1e526acf54", "diff": "--- a/source.c\n+++ b/source.c\n@@ -6,11 +6,11 @@\n \n const int beta = (beta_table+52)[qp + h->slice_beta_offset];\n \n+ if (alpha ==0 || beta == 0) return;\n+\n+\n+\n+ if( bS[0] < 4 ) {\n \n int8_t tc[4];\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void filter_mb_edgecv( H264Context *h, uint8_t *pix, int stride, int16_t bS[4], int qp ) {\n\n const int index_a = qp + h->slice_alpha_c0_offset;\n\n const int alpha = (alpha_table+52)[index_a];\n\n const int beta = (beta_table+52)[qp + h->slice_beta_offset];\n\n if (alpha ==0 || beta == 0) return;\n\n\n\n if( bS[0] < 4 ) {\n\n int8_t tc[4];\n\n tc[0] = (tc0_table+52)[index_a][bS[0]]+1;\n\n tc[1] = (tc0_table+52)[index_a][bS[1]]+1;\n\n tc[2] = (tc0_table+52)[index_a][bS[2]]+1;\n\n tc[3] = (tc0_table+52)[index_a][bS[3]]+1;\n\n h->s.dsp.h264_h_loop_filter_chroma(pix, stride, alpha, beta, tc);\n\n } else {\n\n h->s.dsp.h264_h_loop_filter_chroma_intra(pix, stride, alpha, beta);\n\n }\n\n}\n"}} | |
| {"sample_id": "23326164ae6fe8d94b7eff123e03f97ca6978d33", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,10 +2,10 @@\n \n {\n \n+ if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {\n+\n+ return 4;\n+\n }\n \n if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static inline int memory_access_size(MemoryRegion *mr, int l, hwaddr addr)\n\n{\n\n if (l >= 4 && (((addr & 3) == 0 || mr->ops->impl.unaligned))) {\n\n return 4;\n\n }\n\n if (l >= 2 && (((addr & 1) == 0) || mr->ops->impl.unaligned)) {\n\n return 2;\n\n }\n\n return 1;\n\n}\n"}} | |
| {"sample_id": "a9ceb76d55abfed9426a819024aa3a4b87266c9f", "diff": "--- a/source.c\n+++ b/source.c\n@@ -52,11 +52,11 @@\n \n \n \n+ DBDMA_DPRINTF(\" status 0x%08x\\n\", status);\n+\n+\n+\n+ ch->regs[DBDMA_STATUS] = status;\n \n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "dbdma_control_write(DBDMA_channel *ch)\n\n{\n\n uint16_t mask, value;\n\n uint32_t status;\n\n\n\n mask = (ch->regs[DBDMA_CONTROL] >> 16) & 0xffff;\n\n value = ch->regs[DBDMA_CONTROL] & 0xffff;\n\n\n\n value &= (RUN | PAUSE | FLUSH | WAKE | DEVSTAT);\n\n\n\n status = ch->regs[DBDMA_STATUS];\n\n\n\n status = (value & mask) | (status & ~mask);\n\n\n\n if (status & WAKE)\n\n status |= ACTIVE;\n\n if (status & RUN) {\n\n status |= ACTIVE;\n\n status &= ~DEAD;\n\n }\n\n if (status & PAUSE)\n\n status &= ~ACTIVE;\n\n if ((ch->regs[DBDMA_STATUS] & RUN) && !(status & RUN)) {\n\n /* RUN is cleared */\n\n status &= ~(ACTIVE|DEAD);\n\n }\n\n\n\n DBDMA_DPRINTF(\" status 0x%08x\\n\", status);\n\n\n\n ch->regs[DBDMA_STATUS] = status;\n\n\n\n if (status & ACTIVE)\n\n qemu_bh_schedule(dbdma_bh);\n\n if (status & FLUSH)\n\n ch->flush(&ch->io);\n\n}\n"}} | |
| {"sample_id": "2bbb9c2f7f36d0457cda5f27d7e4422219b3acd8", "diff": "--- a/source.c\n+++ b/source.c\n@@ -32,11 +32,11 @@\n \n \n \n+ r = &pci_dev->io_regions[region_num];\n+\n+ r->addr = PCI_BAR_UNMAPPED;\n+\n+ r->size = size;\n \n r->filtered_size = size;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void pci_register_bar(PCIDevice *pci_dev, int region_num,\n\n pcibus_t size, int type,\n\n PCIMapIORegionFunc *map_func)\n\n{\n\n PCIIORegion *r;\n\n uint32_t addr;\n\n uint64_t wmask;\n\n\n\n if ((unsigned int)region_num >= PCI_NUM_REGIONS)\n\n return;\n\n\n\n if (size & (size-1)) {\n\n fprintf(stderr, \"ERROR: PCI region size must be pow2 \"\n\n \"type=0x%x, size=0x%\"FMT_PCIBUS\"\\n\", type, size);\n\n exit(1);\n\n }\n\n\n\n r = &pci_dev->io_regions[region_num];\n\n r->addr = PCI_BAR_UNMAPPED;\n\n r->size = size;\n\n r->filtered_size = size;\n\n r->type = type;\n\n r->map_func = map_func;\n\n\n\n wmask = ~(size - 1);\n\n addr = pci_bar(pci_dev, region_num);\n\n if (region_num == PCI_ROM_SLOT) {\n\n /* ROM enable bit is writeable */\n\n wmask |= PCI_ROM_ADDRESS_ENABLE;\n\n }\n\n pci_set_long(pci_dev->config + addr, type);\n\n if (!(r->type & PCI_BASE_ADDRESS_SPACE_IO) &&\n\n r->type & PCI_BASE_ADDRESS_MEM_TYPE_64) {\n\n pci_set_quad(pci_dev->wmask + addr, wmask);\n\n pci_set_quad(pci_dev->cmask + addr, ~0ULL);\n\n } else {\n\n pci_set_long(pci_dev->wmask + addr, wmask & 0xffffffff);\n\n pci_set_long(pci_dev->cmask + addr, 0xffffffff);\n\n }\n\n}\n"}} | |
| {"sample_id": "e1833e1f96456fd8fc17463246fe0b2050e68efb_14", "diff": "--- a/source.c\n+++ b/source.c\n@@ -7,11 +7,11 @@\n gen_tbl(env);\n \n gen_spr_BookE(env);\n+\n+ gen_spr_440(env);\n+\n+ spr_register(env, SPR_BOOKE_MCSR, \"MCSR\",\n+\n SPR_NOACCESS, SPR_NOACCESS,\n \n &spr_read_generic, &spr_write_generic,", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void init_proc_460 (CPUPPCState *env)\n\n{\n\n /* Time base */\n\n gen_tbl(env);\n\n gen_spr_BookE(env);\n\n gen_spr_440(env);\n\n spr_register(env, SPR_BOOKE_MCSR, \"MCSR\",\n\n SPR_NOACCESS, SPR_NOACCESS,\n\n &spr_read_generic, &spr_write_generic,\n\n 0x00000000);\n\n spr_register(env, SPR_BOOKE_MCSRR0, \"MCSRR0\",\n\n SPR_NOACCESS, SPR_NOACCESS,\n\n &spr_read_generic, &spr_write_generic,\n\n 0x00000000);\n\n spr_register(env, SPR_BOOKE_MCSRR1, \"MCSRR1\",\n\n SPR_NOACCESS, SPR_NOACCESS,\n\n &spr_read_generic, &spr_write_generic,\n\n 0x00000000);\n\n spr_register(env, SPR_440_CCR1, \"CCR1\",\n\n SPR_NOACCESS, SPR_NOACCESS,\n\n &spr_read_generic, &spr_write_generic,\n\n 0x00000000);\n\n spr_register(env, SPR_DCRIPR, \"SPR_DCRIPR\",\n\n &spr_read_generic, &spr_write_generic,\n\n &spr_read_generic, &spr_write_generic,\n\n 0x00000000);\n\n /* Memory management */\n\n env->nb_tlb = 64;\n\n env->nb_ways = 1;\n\n env->id_tlbs = 0;\n\n /* XXX: TODO: allocate internal IRQ controller */\n\n}\n"}} | |
| {"sample_id": "4be746345f13e99e468c60acbd3a355e8183e3ce_88", "diff": "--- a/source.c\n+++ b/source.c\n@@ -18,11 +18,11 @@\n \n \n \n+ if (end > (addr & ~511) + 512) {\n+\n+ memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));\n+\n+ if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {\n \n fprintf(stderr, \"sd_blk_write: write error on host side\\n\");\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)\n\n{\n\n uint64_t end = addr + len;\n\n\n\n if ((addr & 511) || len < 512)\n\n if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {\n\n fprintf(stderr, \"sd_blk_write: read error on host side\\n\");\n\n return;\n\n }\n\n\n\n if (end > (addr & ~511) + 512) {\n\n memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));\n\n if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {\n\n fprintf(stderr, \"sd_blk_write: write error on host side\\n\");\n\n return;\n\n }\n\n\n\n if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {\n\n fprintf(stderr, \"sd_blk_write: read error on host side\\n\");\n\n return;\n\n }\n\n memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);\n\n if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) < 0) {\n\n fprintf(stderr, \"sd_blk_write: write error on host side\\n\");\n\n }\n\n } else {\n\n memcpy(sd->buf + (addr & 511), sd->data, len);\n\n if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {\n\n fprintf(stderr, \"sd_blk_write: write error on host side\\n\");\n\n }\n\n }\n\n}\n"}} | |
| {"sample_id": "fe2d6fe2359b153eee827906140e62f710496a37", "diff": "--- a/source.c\n+++ b/source.c\n@@ -29,11 +29,11 @@\n av_free_packet(&pktl->pkt);\n \n av_freep(&pktl);\n+\n+ \n+\n+ if(ret<0)\n+\n return ret;\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "int av_write_trailer(AVFormatContext *s)\n\n{\n\n int ret;\n\n \n\n while(s->packet_buffer){\n\n int ret;\n\n AVPacketList *pktl= s->packet_buffer;\n\n\n\n//av_log(s, AV_LOG_DEBUG, \"write_trailer st:%d dts:%lld\\n\", pktl->pkt.stream_index, pktl->pkt.dts);\n\n truncate_ts(s->streams[pktl->pkt.stream_index], &pktl->pkt);\n\n ret= s->oformat->write_packet(s, &pktl->pkt);\n\n \n\n s->packet_buffer= pktl->next; \n\n\n\n av_free_packet(&pktl->pkt);\n\n av_freep(&pktl);\n\n \n\n if(ret<0)\n\n return ret;\n\n }\n\n\n\n ret = s->oformat->write_trailer(s);\n\n av_freep(&s->priv_data);\n\n return ret;\n\n}\n"}} | |
| {"sample_id": "5e53486545726987ab4482321d4dcf7e23e7652f", "diff": "--- a/source.c\n+++ b/source.c\n@@ -61,11 +61,11 @@\n dca_smpl_bitalloc[i+1].offset = bitalloc_offsets[i];\n \n dca_smpl_bitalloc[i+1].wrap = 1 + (j > 4);\n+\n+ init_vlc(&dca_smpl_bitalloc[i+1].vlc[j], bitalloc_maxbits[i][j],\n+\n+ bitalloc_sizes[i],\n+\n bitalloc_bits[i][j], 1, 1,\n \n bitalloc_codes[i][j], 2, 2, 1);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void dca_init_vlcs(void)\n\n{\n\n static int vlcs_inited = 0;\n\n int i, j;\n\n\n\n if (vlcs_inited)\n\n return;\n\n\n\n dca_bitalloc_index.offset = 1;\n\n dca_bitalloc_index.wrap = 2;\n\n for (i = 0; i < 5; i++)\n\n init_vlc(&dca_bitalloc_index.vlc[i], bitalloc_12_vlc_bits[i], 12,\n\n bitalloc_12_bits[i], 1, 1,\n\n bitalloc_12_codes[i], 2, 2, 1);\n\n dca_scalefactor.offset = -64;\n\n dca_scalefactor.wrap = 2;\n\n for (i = 0; i < 5; i++)\n\n init_vlc(&dca_scalefactor.vlc[i], SCALES_VLC_BITS, 129,\n\n scales_bits[i], 1, 1,\n\n scales_codes[i], 2, 2, 1);\n\n dca_tmode.offset = 0;\n\n dca_tmode.wrap = 1;\n\n for (i = 0; i < 4; i++)\n\n init_vlc(&dca_tmode.vlc[i], tmode_vlc_bits[i], 4,\n\n tmode_bits[i], 1, 1,\n\n tmode_codes[i], 2, 2, 1);\n\n\n\n for(i = 0; i < 10; i++)\n\n for(j = 0; j < 7; j++){\n\n if(!bitalloc_codes[i][j]) break;\n\n dca_smpl_bitalloc[i+1].offset = bitalloc_offsets[i];\n\n dca_smpl_bitalloc[i+1].wrap = 1 + (j > 4);\n\n init_vlc(&dca_smpl_bitalloc[i+1].vlc[j], bitalloc_maxbits[i][j],\n\n bitalloc_sizes[i],\n\n bitalloc_bits[i][j], 1, 1,\n\n bitalloc_codes[i][j], 2, 2, 1);\n\n }\n\n vlcs_inited = 1;\n\n}\n"}} | |
| {"sample_id": "c679e74d2e29fa08ede9121d59aee4e9675611d7_1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -13,11 +13,11 @@\n if (!(p->flags & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA))) {\n \n ret = -ENODEV;\n+\n+ goto out;\n+\n+ }\n+\n \n \n /* Trigger the clear function. */", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "int css_do_csch(SubchDev *sch)\n\n{\n\n SCSW *s = &sch->curr_status.scsw;\n\n PMCW *p = &sch->curr_status.pmcw;\n\n int ret;\n\n\n\n if (!(p->flags & (PMCW_FLAGS_MASK_DNV | PMCW_FLAGS_MASK_ENA))) {\n\n ret = -ENODEV;\n\n goto out;\n\n }\n\n\n\n /* Trigger the clear function. */\n\n s->ctrl &= ~(SCSW_CTRL_MASK_FCTL | SCSW_CTRL_MASK_ACTL);\n\n s->ctrl |= SCSW_FCTL_CLEAR_FUNC | SCSW_ACTL_CLEAR_PEND;\n\n\n\n do_subchannel_work(sch, NULL);\n\n ret = 0;\n\n\n\nout:\n\n return ret;\n\n}\n"}} | |
| {"sample_id": "f1c2dc7c866a939c39c14729290a21309a1c8a38", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,11 +4,11 @@\n \n {\n \n+ unsigned i;\n+\n+ MSIMessage msg = { .address = addr, .data = 0 };\n+\n+\n \n if (!msix) {\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void spapr_msi_setmsg(PCIDevice *pdev, hwaddr addr,\n\n bool msix, unsigned req_num)\n\n{\n\n unsigned i;\n\n MSIMessage msg = { .address = addr, .data = 0 };\n\n\n\n if (!msix) {\n\n msi_set_message(pdev, msg);\n\n trace_spapr_pci_msi_setup(pdev->name, 0, msg.address);\n\n return;\n\n }\n\n\n\n for (i = 0; i < req_num; ++i) {\n\n msg.address = addr | (i << 2);\n\n msix_set_message(pdev, i, msg);\n\n trace_spapr_pci_msi_setup(pdev->name, i, msg.address);\n\n }\n\n}\n"}} | |
| {"sample_id": "5e1b34a3fa0a0fbf46628aab10cc49f6f855520e_2", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n+static void ioq_init(LaioQueue *io_q)\n+\n+{\n \n QSIMPLEQ_INIT(&io_q->pending);\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void ioq_init(LaioQueue *io_q)\n\n{\n\n QSIMPLEQ_INIT(&io_q->pending);\n\n io_q->plugged = 0;\n\n io_q->n = 0;\n\n io_q->blocked = false;\n\n}\n"}} | |
| {"sample_id": "9c5ce8db2e5c2769ed2fd3d91928dd1853b5ce7c_2", "diff": "--- a/source.c\n+++ b/source.c\n@@ -6,11 +6,11 @@\n \n \n \n+ SMBIOS_TABLE_SET_STR(1, manufacturer_str, type1.manufacturer);\n+\n+ SMBIOS_TABLE_SET_STR(1, product_name_str, type1.product);\n+\n+ SMBIOS_TABLE_SET_STR(1, version_str, type1.version);\n \n SMBIOS_TABLE_SET_STR(1, serial_number_str, type1.serial);\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void smbios_build_type_1_table(void)\n\n{\n\n SMBIOS_BUILD_TABLE_PRE(1, 0x100, true); /* required */\n\n\n\n SMBIOS_TABLE_SET_STR(1, manufacturer_str, type1.manufacturer);\n\n SMBIOS_TABLE_SET_STR(1, product_name_str, type1.product);\n\n SMBIOS_TABLE_SET_STR(1, version_str, type1.version);\n\n SMBIOS_TABLE_SET_STR(1, serial_number_str, type1.serial);\n\n if (qemu_uuid_set) {\n\n smbios_encode_uuid(&t->uuid, qemu_uuid);\n\n } else {\n\n memset(&t->uuid, 0, 16);\n\n }\n\n t->wake_up_type = 0x06; /* power switch */\n\n SMBIOS_TABLE_SET_STR(1, sku_number_str, type1.sku);\n\n SMBIOS_TABLE_SET_STR(1, family_str, type1.family);\n\n\n\n SMBIOS_BUILD_TABLE_POST;\n\n}\n"}} | |
| {"sample_id": "738012bec4c67e697e766edadab3f522c552a04d_2", "diff": "--- a/source.c\n+++ b/source.c\n@@ -6,6 +6,6 @@\n \n sysbus_register_withprop(&mv88w8618_audio_info);\n \n+#endif\n+\n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void mv88w8618_register_devices(void)\n\n{\n\n#ifdef HAS_AUDIO\n\n sysbus_register_withprop(&mv88w8618_audio_info);\n\n#endif\n\n}\n"}} | |
| {"sample_id": "72cf2d4f0e181d0d3a3122e04129c58a95da713e_12", "diff": "--- a/source.c\n+++ b/source.c\n@@ -3,5 +3,5 @@\n {\n \n LIST_INSERT_HEAD(&watchdog_list, model, entry);\n+\n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void watchdog_add_model(WatchdogTimerModel *model)\n\n{\n\n LIST_INSERT_HEAD(&watchdog_list, model, entry);\n\n}\n"}} | |