I apologize for not understanding this bug was a security issue, and not insisting on it.
It has been fixed in SLiRP by "Fix use-afte-free in ip_reass() (CVE-2020-1983)":
https://gitlab.freedesktop.org/slirp/libslirp/commit/9bd6c591

And in QEMU by commit 7769c23774 "slirp: update to fix CVE-2020-1983".

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1983

--
https://bugs.launchpad.net/bugs/1837094

Title:
  UndefinedBehaviorSanitizer crash around slirp::ip_reass()

Status in QEMU:
  Fix Released

Bug description:
  tag: v4.1.0-rc1

  ./configure --enable-sanitizers --extra-cflags=-O1

  ==26130==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000008 (pc 0x0000561ad346d588 bp 0x7fff6ee9f940 sp 0x7fff6ee9f8e8 T26130)
  ==26130==The signal is caused by a WRITE memory access.
  ==26130==Hint: address points to the zero page.
      #0 0x0000561ad346d587 in ip_deq() at slirp/src/ip_input.c:411:55
      #1 0x0000561ad346cffb in ip_reass() at slirp/src/ip_input.c:304:9
      #2 0x0000561ad346cb6f in ip_input() at slirp/src/ip_input.c:184:18

  I only had access to the last packet which isn't the culprit, I'm now
  seeing how to log the network traffic of the guest to provide more
  useful information.