Hugging Face's logo

Spaces:
Nitishkumar-ai
/
commitguard
Configuration error

App Files Community
commitguard / data /devign_test.jsonl
Nitishkumar-ai's picture
Nitishkumar-ai
Upload folder using huggingface_hub
e4f3d12 verified
raw
history blame contribute delete
110 kB
{"sample_id": "b3db211f3c80bb996a704d665fe275619f728bd4", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,11 +4,11 @@\n \n {\n \n+ UserDefTwo *udp = NULL;\n+\n+ Visitor *v;\n+\n+\n \n v = visitor_input_test_init(data, \"{ 'string0': 'string0', \"\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void test_visitor_in_struct_nested(TestInputVisitorData *data,\n\n const void *unused)\n\n{\n\n UserDefTwo *udp = NULL;\n\n Visitor *v;\n\n\n\n v = visitor_input_test_init(data, \"{ 'string0': 'string0', \"\n\n \"'dict1': { 'string1': 'string1', \"\n\n \"'dict2': { 'userdef': { 'integer': 42, \"\n\n \"'string': 'string' }, 'string': 'string2'}}}\");\n\n\n\n visit_type_UserDefTwo(v, NULL, &udp, &error_abort);\n\n\n\n g_assert_cmpstr(udp->string0, ==, \"string0\");\n\n g_assert_cmpstr(udp->dict1->string1, ==, \"string1\");\n\n g_assert_cmpint(udp->dict1->dict2->userdef->integer, ==, 42);\n\n g_assert_cmpstr(udp->dict1->dict2->userdef->string, ==, \"string\");\n\n g_assert_cmpstr(udp->dict1->dict2->string, ==, \"string2\");\n\n g_assert(udp->dict1->has_dict3 == false);\n\n\n\n qapi_free_UserDefTwo(udp);\n\n}\n"}}
{"sample_id": "be4dfbf7b71e44a53ca8da882a081e35ea134c83", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n int ffurl_get_short_seek(URLContext *h)\n \n+{\n+\n if (!h->prot->url_get_short_seek)\n \n return AVERROR(ENOSYS);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "int ffurl_get_short_seek(URLContext *h)\n\n{\n\n if (!h->prot->url_get_short_seek)\n\n return AVERROR(ENOSYS);\n\n return h->prot->url_get_short_seek(h);\n\n}\n"}}
{"sample_id": "662234a9a22f1cd0f0ac83b8bb1ffadedca90c0a", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n void ff_put_h264_qpel4_mc23_msa(uint8_t *dst, const uint8_t *src,\n \n+ ptrdiff_t stride)\n+\n {\n \n avc_luma_midv_qrt_4w_msa(src - (2 * stride) - 2, stride, dst, stride, 4, 1);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void ff_put_h264_qpel4_mc23_msa(uint8_t *dst, const uint8_t *src,\n\n ptrdiff_t stride)\n\n{\n\n avc_luma_midv_qrt_4w_msa(src - (2 * stride) - 2, stride, dst, stride, 4, 1);\n\n}\n"}}
{"sample_id": "e549933a270dd2cfc36f2cf9bb6b29acf3dc6d08", "diff": "--- a/source.c\n+++ b/source.c\n@@ -9,11 +9,11 @@\n uint32_t multiple8_cnt;\n \n \n+\n+ for (multiple8_cnt = 4; multiple8_cnt--;) {\n+\n+ avc_luma_midh_qrt_4w_msa(src, src_stride, dst, dst_stride, height,\n+\n horiz_offset);\n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void avc_luma_midh_qrt_16w_msa(const uint8_t *src, int32_t src_stride,\n\n uint8_t *dst, int32_t dst_stride,\n\n int32_t height, uint8_t horiz_offset)\n\n{\n\n uint32_t multiple8_cnt;\n\n\n\n for (multiple8_cnt = 4; multiple8_cnt--;) {\n\n avc_luma_midh_qrt_4w_msa(src, src_stride, dst, dst_stride, height,\n\n horiz_offset);\n\n\n\n src += 4;\n\n dst += 4;\n\n }\n\n}\n"}}
{"sample_id": "9732baf67850dac57dfc7dc8980bf408889a8973", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n static void *thread_function(void *data)\n+\n+{\n \n GMainLoop *loop;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "static void *thread_function(void *data)\n\n{\n\n GMainLoop *loop;\n\n loop = g_main_loop_new(NULL, FALSE);\n\n g_main_loop_run(loop);\n\n return NULL;\n\n}\n"}}
{"sample_id": "3c90c65d7adab49a41952ee14e1d65f81355e408", "diff": "--- a/source.c\n+++ b/source.c\n@@ -16,11 +16,11 @@\n \n injected = false;\n \n+ s->new_state = s->state;\n+\n+ QLIST_FOREACH(rule, &s->rules[event], next) {\n+\n+ injected = process_rule(bs, rule, injected);\n \n }\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void blkdebug_debug_event(BlockDriverState *bs, BlkDebugEvent event)\n\n{\n\n BDRVBlkdebugState *s = bs->opaque;\n\n struct BlkdebugRule *rule;\n\n bool injected;\n\n\n\n assert((int)event >= 0 && event < BLKDBG_EVENT_MAX);\n\n\n\n injected = false;\n\n s->new_state = s->state;\n\n QLIST_FOREACH(rule, &s->rules[event], next) {\n\n injected = process_rule(bs, rule, injected);\n\n }\n\n s->state = s->new_state;\n\n}\n"}}
{"sample_id": "ede9c94acf6cd1968de4188c0228b714ab871a86", "diff": "--- a/source.c\n+++ b/source.c\n@@ -54,11 +54,11 @@\n \n return -VTD_FR_IR_IRTE_RSVD;\n \n+ }\n+\n+\n+\n+ /*\n \n * TODO: Check Source-ID corresponds to SVT (Source Validation\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int vtd_irte_get(IntelIOMMUState *iommu, uint16_t index,\n\n VTD_IRTE *entry)\n\n{\n\n dma_addr_t addr = 0x00;\n\n\n\n addr = iommu->intr_root + index * sizeof(*entry);\n\n if (dma_memory_read(&address_space_memory, addr, entry,\n\n sizeof(*entry))) {\n\n VTD_DPRINTF(GENERAL, \"error: fail to access IR root at 0x%\"PRIx64\n\n \" + %\"PRIu16, iommu->intr_root, index);\n\n return -VTD_FR_IR_ROOT_INVAL;\n\n }\n\n\n\n if (!entry->present) {\n\n VTD_DPRINTF(GENERAL, \"error: present flag not set in IRTE\"\n\n \" entry index %u value 0x%\"PRIx64 \" 0x%\"PRIx64,\n\n index, le64_to_cpu(entry->data[1]),\n\n le64_to_cpu(entry->data[0]));\n\n return -VTD_FR_IR_ENTRY_P;\n\n }\n\n\n\n if (entry->__reserved_0 || entry->__reserved_1 || \\\n\n entry->__reserved_2) {\n\n VTD_DPRINTF(GENERAL, \"error: IRTE entry index %\"PRIu16\n\n \" reserved fields non-zero: 0x%\"PRIx64 \" 0x%\"PRIx64,\n\n index, le64_to_cpu(entry->data[1]),\n\n le64_to_cpu(entry->data[0]));\n\n return -VTD_FR_IR_IRTE_RSVD;\n\n }\n\n\n\n /*\n\n * TODO: Check Source-ID corresponds to SVT (Source Validation\n\n * Type) bits\n\n */\n\n\n\n return 0;\n\n}\n"}}
{"sample_id": "6092666ebdc68b2634db050689292c71a5c368c0", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,9 +1,9 @@\n static void phys_sections_clear(PhysPageMap *map)\n \n+{\n+\n+ while (map->sections_nb > 0) {\n+\n MemoryRegionSection *section = &map->sections[--map->sections_nb];\n \n phys_section_destroy(section->mr);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void phys_sections_clear(PhysPageMap *map)\n\n{\n\n while (map->sections_nb > 0) {\n\n MemoryRegionSection *section = &map->sections[--map->sections_nb];\n\n phys_section_destroy(section->mr);\n\n }\n\n g_free(map->sections);\n\n g_free(map->nodes);\n\n}\n"}}
{"sample_id": "5861a33898bbddfd1a80c2e202cb9352e3b1ba62", "diff": "--- a/source.c\n+++ b/source.c\n@@ -49,11 +49,11 @@\n /* An higher priority IRQ is already raised */\n \n DPRINTF(\"%s: IRQ %d is hidden by raised IRQ %d on CPU %d\\n\",\n+\n+ __func__, n_IRQ, dst->raised.next, n_CPU);\n+\n+ return;\n+\n }\n \n IRQ_get_next(opp, &dst->raised);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void IRQ_local_pipe (openpic_t *opp, int n_CPU, int n_IRQ)\n\n{\n\n IRQ_dst_t *dst;\n\n IRQ_src_t *src;\n\n int priority;\n\n\n\n dst = &opp->dst[n_CPU];\n\n src = &opp->src[n_IRQ];\n\n priority = IPVP_PRIORITY(src->ipvp);\n\n if (priority <= dst->pctp) {\n\n /* Too low priority */\n\n DPRINTF(\"%s: IRQ %d has too low priority on CPU %d\\n\",\n\n __func__, n_IRQ, n_CPU);\n\n return;\n\n }\n\n if (IRQ_testbit(&dst->raised, n_IRQ)) {\n\n /* Interrupt miss */\n\n DPRINTF(\"%s: IRQ %d was missed on CPU %d\\n\",\n\n __func__, n_IRQ, n_CPU);\n\n return;\n\n }\n\n set_bit(&src->ipvp, IPVP_ACTIVITY);\n\n IRQ_setbit(&dst->raised, n_IRQ);\n\n if (priority < dst->raised.priority) {\n\n /* An higher priority IRQ is already raised */\n\n DPRINTF(\"%s: IRQ %d is hidden by raised IRQ %d on CPU %d\\n\",\n\n __func__, n_IRQ, dst->raised.next, n_CPU);\n\n return;\n\n }\n\n IRQ_get_next(opp, &dst->raised);\n\n if (IRQ_get_next(opp, &dst->servicing) != -1 &&\n\n priority <= dst->servicing.priority) {\n\n DPRINTF(\"%s: IRQ %d is hidden by servicing IRQ %d on CPU %d\\n\",\n\n __func__, n_IRQ, dst->servicing.next, n_CPU);\n\n /* Already servicing a higher priority IRQ */\n\n return;\n\n }\n\n DPRINTF(\"Raise OpenPIC INT output cpu %d irq %d\\n\", n_CPU, n_IRQ);\n\n opp->irq_raise(opp, n_CPU, src);\n\n}\n"}}
{"sample_id": "e33e94f92298c96e0928cefab00ea5bae0a1cd19", "diff": "--- a/source.c\n+++ b/source.c\n@@ -8,11 +8,11 @@\n \n /* Update the floating-point exception summary */\n \n+ env->fpscr |= 1 << FPSCR_FX;\n+\n+ if (fpscr_ze != 0) {\n+\n+ /* Update the floating-point enabled exception summary */\n \n env->fpscr |= 1 << FPSCR_FEX;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static always_inline uint64_t float_zero_divide_excp (uint64_t arg1, uint64_t arg2)\n\n{\n\n env->fpscr |= 1 << FPSCR_ZX;\n\n env->fpscr &= ~((1 << FPSCR_FR) | (1 << FPSCR_FI));\n\n /* Update the floating-point exception summary */\n\n env->fpscr |= 1 << FPSCR_FX;\n\n if (fpscr_ze != 0) {\n\n /* Update the floating-point enabled exception summary */\n\n env->fpscr |= 1 << FPSCR_FEX;\n\n if (msr_fe0 != 0 || msr_fe1 != 0) {\n\n helper_raise_exception_err(POWERPC_EXCP_PROGRAM,\n\n POWERPC_EXCP_FP | POWERPC_EXCP_FP_ZX);\n\n }\n\n } else {\n\n /* Set the result to infinity */\n\n arg1 = ((arg1 ^ arg2) & 0x8000000000000000ULL);\n\n arg1 |= 0x7FFULL << 52;\n\n }\n\n return arg1;\n\n}\n"}}
{"sample_id": "6f37226b687f969bcf6e47a4fb5c28a32d107aa3", "diff": "--- a/source.c\n+++ b/source.c\n@@ -3,8 +3,8 @@\n {\n \n const H264Context *h = sl->h264;\n+\n+ int alloc_size = FFALIGN(FFABS(linesize) + 32, 32);\n \n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static int alloc_scratch_buffers(H264SliceContext *sl, int linesize)\n\n{\n\n const H264Context *h = sl->h264;\n\n int alloc_size = FFALIGN(FFABS(linesize) + 32, 32);\n\n\n\n av_fast_malloc(&sl->bipred_scratchpad, &sl->bipred_scratchpad_allocated, 16 * 6 * alloc_size);\n\n // edge emu needs blocksize + filter length - 1\n\n // (= 21x21 for h264)\n\n av_fast_malloc(&sl->edge_emu_buffer, &sl->edge_emu_buffer_allocated, alloc_size * 2 * 21);\n\n\n\n av_fast_malloc(&sl->top_borders[0], &sl->top_borders_allocated[0],\n\n h->mb_width * 16 * 3 * sizeof(uint8_t) * 2);\n\n av_fast_malloc(&sl->top_borders[1], &sl->top_borders_allocated[1],\n\n h->mb_width * 16 * 3 * sizeof(uint8_t) * 2);\n\n\n\n if (!sl->bipred_scratchpad || !sl->edge_emu_buffer ||\n\n !sl->top_borders[0] || !sl->top_borders[1]) {\n\n av_freep(&sl->bipred_scratchpad);\n\n av_freep(&sl->edge_emu_buffer);\n\n av_freep(&sl->top_borders[0]);\n\n av_freep(&sl->top_borders[1]);\n\n\n\n sl->bipred_scratchpad_allocated = 0;\n\n sl->edge_emu_buffer_allocated = 0;\n\n sl->top_borders_allocated[0] = 0;\n\n sl->top_borders_allocated[1] = 0;\n\n return AVERROR(ENOMEM);\n\n }\n\n\n\n return 0;\n\n}\n"}}
{"sample_id": "b2bedb214469af55179d907a60cd67fed6b0779e", "diff": "--- a/source.c\n+++ b/source.c\n@@ -15,11 +15,11 @@\n \" Example:\\n\"\n \n \" 'multiwrite 512 1k 1k ; 4k 1k' \\n\"\n+\n+\" writes 2 kB at 512 bytes and 1 kB at 4 kB into the open file\\n\"\n+\n+\"\\n\"\n+\n \" Writes into a segment of the currently open file, using a buffer\\n\"\n \n \" filled with a set pattern (0xcdcdcdcd). The pattern byte is increased\\n\"", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void multiwrite_help(void)\n\n{\n\n printf(\n\n\"\\n\"\n\n\" writes a range of bytes from the given offset source from multiple buffers,\\n\"\n\n\" in a batch of requests that may be merged by qemu\\n\"\n\n\"\\n\"\n\n\" Example:\\n\"\n\n\" 'multiwrite 512 1k 1k ; 4k 1k' \\n\"\n\n\" writes 2 kB at 512 bytes and 1 kB at 4 kB into the open file\\n\"\n\n\"\\n\"\n\n\" Writes into a segment of the currently open file, using a buffer\\n\"\n\n\" filled with a set pattern (0xcdcdcdcd). The pattern byte is increased\\n\"\n\n\" by one for each request contained in the multiwrite command.\\n\"\n\n\" -P, -- use different pattern to fill file\\n\"\n\n\" -C, -- report statistics in a machine parsable format\\n\"\n\n\" -q, -- quiet mode, do not show I/O statistics\\n\"\n\n\"\\n\");\n\n}\n"}}
{"sample_id": "dd793a74882477ca38d49e191110c17dfee51dcc", "diff": "--- a/source.c\n+++ b/source.c\n@@ -14,7 +14,7 @@\n \n if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {\n \n+ DBGOUT(TX, \"tx disabled\\n\");\n \n return;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "start_xmit(E1000State *s)\n\n{\n\n PCIDevice *d = PCI_DEVICE(s);\n\n dma_addr_t base;\n\n struct e1000_tx_desc desc;\n\n uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;\n\n\n\n if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {\n\n DBGOUT(TX, \"tx disabled\\n\");\n\n return;\n\n }\n\n\n\n while (s->mac_reg[TDH] != s->mac_reg[TDT]) {\n\n base = tx_desc_base(s) +\n\n sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];\n\n pci_dma_read(d, base, &desc, sizeof(desc));\n\n\n\n DBGOUT(TX, \"index %d: %p : %x %x\\n\", s->mac_reg[TDH],\n\n (void *)(intptr_t)desc.buffer_addr, desc.lower.data,\n\n desc.upper.data);\n\n\n\n process_tx_desc(s, &desc);\n\n cause |= txdesc_writeback(s, base, &desc);\n\n\n\n if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])\n\n s->mac_reg[TDH] = 0;\n\n /*\n\n * the following could happen only if guest sw assigns\n\n * bogus values to TDT/TDLEN.\n\n * there's nothing too intelligent we could do about this.\n\n */\n\n if (s->mac_reg[TDH] == tdh_start) {\n\n DBGOUT(TXERR, \"TDH wraparound @%x, TDT %x, TDLEN %x\\n\",\n\n tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);\n\n break;\n\n }\n\n }\n\n set_ics(s, 0, cause);\n\n}\n"}}
{"sample_id": "0a73336d96397c80881219d080518fac6f1ecacb", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,16 +1,16 @@\n+static CharDriverState *net_vhost_parse_chardev(\n \n+ const NetdevVhostUserOptions *opts, Error **errp)\n \n {\n \n CharDriverState *chr = qemu_chr_find(opts->chardev);\n+\n+ VhostUserChardevProps props;\n \n \n+\n+ if (chr == NULL) {\n \n error_setg(errp, \"chardev \\\"%s\\\" not found\", opts->chardev);\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "static CharDriverState *net_vhost_parse_chardev(\n\n const NetdevVhostUserOptions *opts, Error **errp)\n\n{\n\n CharDriverState *chr = qemu_chr_find(opts->chardev);\n\n VhostUserChardevProps props;\n\n\n\n if (chr == NULL) {\n\n error_setg(errp, \"chardev \\\"%s\\\" not found\", opts->chardev);\n\n return NULL;\n\n }\n\n\n\n /* inspect chardev opts */\n\n memset(&props, 0, sizeof(props));\n\n if (qemu_opt_foreach(chr->opts, net_vhost_chardev_opts, &props, errp)) {\n\n return NULL;\n\n }\n\n\n\n if (!props.is_socket || !props.is_unix) {\n\n error_setg(errp, \"chardev \\\"%s\\\" is not a unix socket\",\n\n opts->chardev);\n\n return NULL;\n\n }\n\n\n\n qemu_chr_fe_claim_no_fail(chr);\n\n\n\n return chr;\n\n}\n"}}
{"sample_id": "04c99c8042c8bfae817c722d90aa0f1a40db861e", "diff": "--- a/source.c\n+++ b/source.c\n@@ -16,14 +16,14 @@\n \n for(i=0; i<4; i++){\n \n+ const int z0= input[4*i+0] + input[4*i+1];\n+\n+ const int z1= input[4*i+0] - input[4*i+1];\n+\n+ const int z2= input[4*i+2] - input[4*i+3];\n+\n+ const int z3= input[4*i+2] + input[4*i+3];\n+\n \n \n temp[4*i+0]= z0+z3;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "void FUNCC(ff_h264_luma_dc_dequant_idct)(int16_t *_output, int16_t *_input, int qmul){\n\n#define stride 16\n\n int i;\n\n int temp[16];\n\n static const uint8_t x_offset[4]={0, 2*stride, 8*stride, 10*stride};\n\n dctcoef *input = (dctcoef*)_input;\n\n dctcoef *output = (dctcoef*)_output;\n\n\n\n for(i=0; i<4; i++){\n\n const int z0= input[4*i+0] + input[4*i+1];\n\n const int z1= input[4*i+0] - input[4*i+1];\n\n const int z2= input[4*i+2] - input[4*i+3];\n\n const int z3= input[4*i+2] + input[4*i+3];\n\n\n\n temp[4*i+0]= z0+z3;\n\n temp[4*i+1]= z0-z3;\n\n temp[4*i+2]= z1-z2;\n\n temp[4*i+3]= z1+z2;\n\n }\n\n\n\n for(i=0; i<4; i++){\n\n const int offset= x_offset[i];\n\n const int z0= temp[4*0+i] + temp[4*2+i];\n\n const int z1= temp[4*0+i] - temp[4*2+i];\n\n const int z2= temp[4*1+i] - temp[4*3+i];\n\n const int z3= temp[4*1+i] + temp[4*3+i];\n\n\n\n output[stride* 0+offset]= ((((z0 + z3)*qmul + 128 ) >> 8));\n\n output[stride* 1+offset]= ((((z1 + z2)*qmul + 128 ) >> 8));\n\n output[stride* 4+offset]= ((((z1 - z2)*qmul + 128 ) >> 8));\n\n output[stride* 5+offset]= ((((z0 - z3)*qmul + 128 ) >> 8));\n\n }\n\n#undef stride\n\n}\n"}}
{"sample_id": "fff4e48ed54cc39e5942921df91300646ad37707", "diff": "--- a/source.c\n+++ b/source.c\n@@ -12,8 +12,8 @@\n \n \n \n+ assert(opts->type == NET_CLIENT_OPTIONS_KIND_VHOST_USER);\n+\n vhost_user_opts = opts->u.vhost_user;\n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "int net_init_vhost_user(const NetClientOptions *opts, const char *name,\n\n NetClientState *peer, Error **errp)\n\n{\n\n int queues;\n\n const NetdevVhostUserOptions *vhost_user_opts;\n\n CharDriverState *chr;\n\n\n\n assert(opts->type == NET_CLIENT_OPTIONS_KIND_VHOST_USER);\n\n vhost_user_opts = opts->u.vhost_user;\n\n\n\n chr = net_vhost_parse_chardev(vhost_user_opts, errp);\n\n if (!chr) {\n\n return -1;\n\n }\n\n\n\n /* verify net frontend */\n\n if (qemu_opts_foreach(qemu_find_opts(\"device\"), net_vhost_check_net,\n\n (char *)name, errp)) {\n\n return -1;\n\n }\n\n\n\n queues = vhost_user_opts->has_queues ? vhost_user_opts->queues : 1;\n\n if (queues < 1) {\n\n error_setg(errp,\n\n \"vhost-user number of queues must be bigger than zero\");\n\n return -1;\n\n }\n\n\n\n return net_vhost_user_init(peer, \"vhost_user\", name, chr, queues);\n\n}\n"}}
{"sample_id": "b1b27b64262fdace45e5ab134c4438338076cb98", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,8 +1,8 @@\n static int nbd_co_writev_1(NbdClientSession *client, int64_t sector_num,\n+\n int nb_sectors, QEMUIOVector *qiov,\n \n+ int offset)\n \n {\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "static int nbd_co_writev_1(NbdClientSession *client, int64_t sector_num,\n\n int nb_sectors, QEMUIOVector *qiov,\n\n int offset)\n\n{\n\n struct nbd_request request;\n\n struct nbd_reply reply;\n\n ssize_t ret;\n\n\n\n request.type = NBD_CMD_WRITE;\n\n if (!bdrv_enable_write_cache(client->bs) &&\n\n (client->nbdflags & NBD_FLAG_SEND_FUA)) {\n\n request.type |= NBD_CMD_FLAG_FUA;\n\n }\n\n\n\n request.from = sector_num * 512;\n\n request.len = nb_sectors * 512;\n\n\n\n nbd_coroutine_start(client, &request);\n\n ret = nbd_co_send_request(client, &request, qiov, offset);\n\n if (ret < 0) {\n\n reply.error = -ret;\n\n } else {\n\n nbd_co_receive_reply(client, &request, &reply, NULL, 0);\n\n }\n\n nbd_coroutine_end(client, &request);\n\n return -reply.error;\n\n}\n"}}
{"sample_id": "f8ed85ac992c48814d916d5df4d44f9a971c5de4", "diff": "--- a/source.c\n+++ b/source.c\n@@ -6,7 +6,7 @@\n \n MilkymistMinimac2State *s = MILKYMIST_MINIMAC2(dev);\n \n+ size_t buffers_size = TARGET_PAGE_ALIGN(3 * MINIMAC2_BUFFER_SIZE);\n \n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static int milkymist_minimac2_init(SysBusDevice *sbd)\n\n{\n\n DeviceState *dev = DEVICE(sbd);\n\n MilkymistMinimac2State *s = MILKYMIST_MINIMAC2(dev);\n\n size_t buffers_size = TARGET_PAGE_ALIGN(3 * MINIMAC2_BUFFER_SIZE);\n\n\n\n sysbus_init_irq(sbd, &s->rx_irq);\n\n sysbus_init_irq(sbd, &s->tx_irq);\n\n\n\n memory_region_init_io(&s->regs_region, OBJECT(dev), &minimac2_ops, s,\n\n \"milkymist-minimac2\", R_MAX * 4);\n\n sysbus_init_mmio(sbd, &s->regs_region);\n\n\n\n /* register buffers memory */\n\n memory_region_init_ram(&s->buffers, OBJECT(dev), \"milkymist-minimac2.buffers\",\n\n buffers_size, &error_abort);\n\n vmstate_register_ram_global(&s->buffers);\n\n s->rx0_buf = memory_region_get_ram_ptr(&s->buffers);\n\n s->rx1_buf = s->rx0_buf + MINIMAC2_BUFFER_SIZE;\n\n s->tx_buf = s->rx1_buf + MINIMAC2_BUFFER_SIZE;\n\n\n\n sysbus_init_mmio(sbd, &s->buffers);\n\n\n\n qemu_macaddr_default_if_unset(&s->conf.macaddr);\n\n s->nic = qemu_new_nic(&net_milkymist_minimac2_info, &s->conf,\n\n object_get_typename(OBJECT(dev)), dev->id, s);\n\n qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);\n\n\n\n return 0;\n\n}\n"}}
{"sample_id": "4207117c93357347500235952ce7891688089cb1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n+static void akita_init(int ram_size, int vga_ram_size, int boot_device,\n+\n+ DisplayState *ds, const char **fd_filename, int snapshot,\n \n const char *kernel_filename, const char *kernel_cmdline,\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void akita_init(int ram_size, int vga_ram_size, int boot_device,\n\n DisplayState *ds, const char **fd_filename, int snapshot,\n\n const char *kernel_filename, const char *kernel_cmdline,\n\n const char *initrd_filename, const char *cpu_model)\n\n{\n\n spitz_common_init(ram_size, vga_ram_size, ds, kernel_filename,\n\n kernel_cmdline, initrd_filename, akita, 0x2e8);\n\n}\n"}}
{"sample_id": "de00982e9e14e2d6ba3d148f02c5a1e94deaa985", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,9 +2,9 @@\n \n uint32_t val, int len)\n \n+{\n+\n+ DPRINTF(\"Warning: attempted write of 0x%x to physical \"\n \n \"address 0x\" TARGET_FMT_plx \" in xen platform mmio space\\n\",\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void platform_mmio_write(ReadWriteHandler *handler, pcibus_t addr,\n\n uint32_t val, int len)\n\n{\n\n DPRINTF(\"Warning: attempted write of 0x%x to physical \"\n\n \"address 0x\" TARGET_FMT_plx \" in xen platform mmio space\\n\",\n\n val, addr);\n\n}\n"}}
{"sample_id": "98c8573eb37bf5d7bb0c07225985a78537c73101", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,8 +1,8 @@\n+int kvm_set_ioeventfd_pio_word(int fd, uint16_t addr, uint16_t val, bool assign)\n+\n+{\n+\n+ struct kvm_ioeventfd kick = {\n \n .datamatch = val,\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "int kvm_set_ioeventfd_pio_word(int fd, uint16_t addr, uint16_t val, bool assign)\n\n{\n\n struct kvm_ioeventfd kick = {\n\n .datamatch = val,\n\n .addr = addr,\n\n .len = 2,\n\n .flags = KVM_IOEVENTFD_FLAG_DATAMATCH | KVM_IOEVENTFD_FLAG_PIO,\n\n .fd = fd,\n\n };\n\n int r;\n\n if (!kvm_enabled())\n\n return -ENOSYS;\n\n if (!assign)\n\n kick.flags |= KVM_IOEVENTFD_FLAG_DEASSIGN;\n\n r = kvm_vm_ioctl(kvm_state, KVM_IOEVENTFD, &kick);\n\n if (r < 0)\n\n return r;\n\n return 0;\n\n}\n"}}
{"sample_id": "87e8788680e16c51f6048af26f3f7830c35207a5", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n+static int ipmovie_probe(AVProbeData *p)\n+\n+{\n+\n if (p->buf_size < IPMOVIE_SIGNATURE_SIZE)\n \n return 0;", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int ipmovie_probe(AVProbeData *p)\n\n{\n\n if (p->buf_size < IPMOVIE_SIGNATURE_SIZE)\n\n return 0;\n\n if (strncmp(p->buf, IPMOVIE_SIGNATURE, IPMOVIE_SIGNATURE_SIZE) != 0)\n\n return 0;\n\n\n\n return AVPROBE_SCORE_MAX;\n\n}\n"}}
{"sample_id": "20c334a797bf46a4ee59a6e42be6d5e7c3cda585", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,8 +1,8 @@\n static inline int16_t mipsdsp_sat_add_i16(int16_t a, int16_t b,\n \n CPUMIPSState *env)\n+\n+{\n \n int16_t tempS;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static inline int16_t mipsdsp_sat_add_i16(int16_t a, int16_t b,\n\n CPUMIPSState *env)\n\n{\n\n int16_t tempS;\n\n\n\n tempS = a + b;\n\n\n\n if (MIPSDSP_OVERFLOW(a, b, tempS, 0x8000)) {\n\n if (a > 0) {\n\n tempS = 0x7FFF;\n\n } else {\n\n tempS = 0x8000;\n\n }\n\n set_DSPControl_overflow_flag(1, 20, env);\n\n }\n\n\n\n return tempS;\n\n}\n"}}
{"sample_id": "120119225a5363f89822addb472085631d2157bc", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,5 +1,5 @@\n int avfilter_default_query_formats(AVFilterContext *ctx)\n+\n {\n \n enum AVMediaType type = ctx->inputs [0] ? ctx->inputs [0]->type :", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-89", "target_file": "source.c", "files": {"source.c": "int avfilter_default_query_formats(AVFilterContext *ctx)\n\n{\n\n enum AVMediaType type = ctx->inputs [0] ? ctx->inputs [0]->type :\n\n ctx->outputs[0] ? ctx->outputs[0]->type :\n\n AVMEDIA_TYPE_VIDEO;\n\n\n\n avfilter_set_common_formats(ctx, avfilter_all_formats(type));\n\n return 0;\n\n}\n"}}
{"sample_id": "7bd427d801e1e3293a634d3c83beadaa90ffb911", "diff": "--- a/source.c\n+++ b/source.c\n@@ -12,11 +12,11 @@\n \n len = qemu_chr_can_read(s->chr);\n \n+ if (len > s->out_fifo.count)\n+\n+ len = s->out_fifo.count;\n+\n+ if (len > 0) {\n \n if (len > sizeof(buf))\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void kbd_send_chars(void *opaque)\n\n{\n\n TextConsole *s = opaque;\n\n int len;\n\n uint8_t buf[16];\n\n\n\n len = qemu_chr_can_read(s->chr);\n\n if (len > s->out_fifo.count)\n\n len = s->out_fifo.count;\n\n if (len > 0) {\n\n if (len > sizeof(buf))\n\n len = sizeof(buf);\n\n qemu_fifo_read(&s->out_fifo, buf, len);\n\n qemu_chr_read(s->chr, buf, len);\n\n }\n\n /* characters are pending: we send them a bit later (XXX:\n\n horrible, should change char device API) */\n\n if (s->out_fifo.count > 0) {\n\n qemu_mod_timer(s->kbd_timer, qemu_get_clock(rt_clock) + 1);\n\n }\n\n}\n"}}
{"sample_id": "9be385980d37e8f4fd33f605f5fb1c3d144170a8", "diff": "--- a/source.c\n+++ b/source.c\n@@ -8,10 +8,10 @@\n \n \n \n+ guest_rtc = s->base_rtc * NANOSECONDS_PER_SECOND +\n+\n+ guest_clock - s->last_update + s->offset;\n+\n return guest_rtc;\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static uint64_t get_guest_rtc_ns(RTCState *s)\n\n{\n\n uint64_t guest_rtc;\n\n uint64_t guest_clock = qemu_clock_get_ns(rtc_clock);\n\n\n\n guest_rtc = s->base_rtc * NANOSECONDS_PER_SECOND +\n\n guest_clock - s->last_update + s->offset;\n\n return guest_rtc;\n\n}\n"}}
{"sample_id": "a8170e5e97ad17ca169c64ba87ae2f53850dab4c", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,11 +1,11 @@\n static uint64_t omap_tipb_bridge_read(void *opaque, target_phys_addr_t addr,\n \n unsigned size)\n+\n+{\n+\n+ struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;\n+\n \n \n if (size < 2) {", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static uint64_t omap_tipb_bridge_read(void *opaque, target_phys_addr_t addr,\n\n unsigned size)\n\n{\n\n struct omap_tipb_bridge_s *s = (struct omap_tipb_bridge_s *) opaque;\n\n\n\n if (size < 2) {\n\n return omap_badwidth_read16(opaque, addr);\n\n }\n\n\n\n switch (addr) {\n\n case 0x00:\t/* TIPB_CNTL */\n\n return s->control;\n\n case 0x04:\t/* TIPB_BUS_ALLOC */\n\n return s->alloc;\n\n case 0x08:\t/* MPU_TIPB_CNTL */\n\n return s->buffer;\n\n case 0x0c:\t/* ENHANCED_TIPB_CNTL */\n\n return s->enh_control;\n\n case 0x10:\t/* ADDRESS_DBG */\n\n case 0x14:\t/* DATA_DEBUG_LOW */\n\n case 0x18:\t/* DATA_DEBUG_HIGH */\n\n return 0xffff;\n\n case 0x1c:\t/* DEBUG_CNTR_SIG */\n\n return 0x00f8;\n\n }\n\n\n\n OMAP_BAD_REG(addr);\n\n return 0;\n\n}\n"}}
{"sample_id": "1a3598aae768465a8efc8475b6df5a8261bc62fc", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,11 +1,11 @@\n static int get_cod(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c,\n \n uint8_t *properties)\n+\n {\n+\n+ Jpeg2000CodingStyle tmp;\n+\n int compno;\n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "static int get_cod(Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c,\n\n uint8_t *properties)\n\n{\n\n Jpeg2000CodingStyle tmp;\n\n int compno;\n\n\n\n if (s->buf_end - s->buf < 5)\n\n return AVERROR_INVALIDDATA;\n\n\n\n tmp.log2_prec_width =\n\n tmp.log2_prec_height = 15;\n\n\n\n tmp.csty = bytestream_get_byte(&s->buf);\n\n\n\n // get progression order\n\n tmp.prog_order = bytestream_get_byte(&s->buf);\n\n\n\n tmp.nlayers = bytestream_get_be16(&s->buf);\n\n tmp.mct = bytestream_get_byte(&s->buf); // multiple component transformation\n\n\n\n get_cox(s, &tmp);\n\n for (compno = 0; compno < s->ncomponents; compno++)\n\n if (!(properties[compno] & HAD_COC))\n\n memcpy(c + compno, &tmp, sizeof(tmp));\n\n return 0;\n\n}\n"}}
{"sample_id": "2aab7c2dfaca4386c38e5d565cd2bf73096bcc86", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n void ff_put_h264_qpel16_mc11_msa(uint8_t *dst, const uint8_t *src,\n \n+ ptrdiff_t stride)\n+\n {\n \n avc_luma_hv_qrt_16w_msa(src - 2,", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void ff_put_h264_qpel16_mc11_msa(uint8_t *dst, const uint8_t *src,\n\n ptrdiff_t stride)\n\n{\n\n avc_luma_hv_qrt_16w_msa(src - 2,\n\n src - (stride * 2), stride, dst, stride, 16);\n\n}\n"}}
{"sample_id": "130257dc443574a9da91dc293665be2cfc40245a", "diff": "--- a/source.c\n+++ b/source.c\n@@ -3,11 +3,11 @@\n Error **errp)\n \n {\n+\n+ const char *device = qemu_opt_get(opts, \"path\");\n+\n+\n+\n if (device == NULL) {\n \n error_setg(errp, \"chardev: serial/tty: no device path given\");", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void qemu_chr_parse_serial(QemuOpts *opts, ChardevBackend *backend,\n\n Error **errp)\n\n{\n\n const char *device = qemu_opt_get(opts, \"path\");\n\n\n\n if (device == NULL) {\n\n error_setg(errp, \"chardev: serial/tty: no device path given\");\n\n return;\n\n }\n\n backend->serial = g_new0(ChardevHostdev, 1);\n\n backend->serial->device = g_strdup(device);\n\n}\n"}}
{"sample_id": "7f0278435df1fa845b3bd9556942f89296d4246b", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n const char *qdict_get_str(const QDict *qdict, const char *key)\n+\n+{\n \n QObject *obj = qdict_get_obj(qdict, key, QTYPE_QSTRING);\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "const char *qdict_get_str(const QDict *qdict, const char *key)\n\n{\n\n QObject *obj = qdict_get_obj(qdict, key, QTYPE_QSTRING);\n\n return qstring_get_str(qobject_to_qstring(obj));\n\n}\n"}}
{"sample_id": "621ff94d5074d88253a5818c6b9c4db718fbfc65", "diff": "--- a/source.c\n+++ b/source.c\n@@ -9,11 +9,11 @@\n Error *err = NULL;\n \n \n+\n+ qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));\n+\n+ object_property_set_bool(OBJECT(vdev), true, \"realized\", &err);\n+\n if (err) {\n \n error_propagate(errp, err);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void virtio_ccw_blk_realize(VirtioCcwDevice *ccw_dev, Error **errp)\n\n{\n\n VirtIOBlkCcw *dev = VIRTIO_BLK_CCW(ccw_dev);\n\n DeviceState *vdev = DEVICE(&dev->vdev);\n\n Error *err = NULL;\n\n\n\n qdev_set_parent_bus(vdev, BUS(&ccw_dev->bus));\n\n object_property_set_bool(OBJECT(vdev), true, \"realized\", &err);\n\n if (err) {\n\n error_propagate(errp, err);\n\n }\n\n}\n"}}
{"sample_id": "d9bce9d99f4656ae0b0127f7472db9067b8f84ab", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,8 +1,8 @@\n void do_POWER_dozo (void)\n+\n {\n \n+ if (Ts1 > Ts0) {\n \n T2 = T0;\n \n@@ -10,7 +10,7 @@\n \n if (((~T2) ^ T1 ^ (-1)) & ((~T2) ^ T0) & (1 << 31)) {\n \n+ xer_so = 1;\n \n xer_ov = 1;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "void do_POWER_dozo (void)\n\n{\n\n if (Ts1 > Ts0) {\n\n T2 = T0;\n\n T0 = T1 - T0;\n\n if (((~T2) ^ T1 ^ (-1)) & ((~T2) ^ T0) & (1 << 31)) {\n\n xer_so = 1;\n\n xer_ov = 1;\n\n } else {\n\n xer_ov = 0;\n\n }\n\n } else {\n\n T0 = 0;\n\n xer_ov = 0;\n\n }\n\n}\n"}}
{"sample_id": "17b74b98676aee5bc470b173b1e528d2fce2cf18", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,8 +1,8 @@\n void json_end_object(QJSON *json)\n \n {\n+\n+ qstring_append(json->str, \" }\");\n \n json->omit_comma = false;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void json_end_object(QJSON *json)\n\n{\n\n qstring_append(json->str, \" }\");\n\n json->omit_comma = false;\n\n}\n"}}
{"sample_id": "92e483f8ed70d88d4f64337f65bae212502735d4", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n static int cmp(const void *a, const void *b)\n+\n+{\n \n const double va = *(const double *)a, vb = *(const double *)b;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "static int cmp(const void *a, const void *b)\n\n{\n\n const double va = *(const double *)a, vb = *(const double *)b;\n\n return va < vb ? -1 : ( va > vb ? 1 : 0 );\n\n}\n"}}
{"sample_id": "3ab9a2a5577d445252724af4067d2a7c8a378efa", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,4 +1,4 @@\n+static int rv40_h_loop_filter_strength(uint8_t *src, int stride,\n \n int beta, int beta2, int edge,\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static int rv40_h_loop_filter_strength(uint8_t *src, int stride,\n\n int beta, int beta2, int edge,\n\n int *p1, int *q1)\n\n{\n\n return rv40_loop_filter_strength(src, stride, 1, beta, beta2, edge, p1, q1);\n\n}\n"}}
{"sample_id": "6687b79d636cd60ed9adb1177d0d946b58fa7717", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,4 +1,4 @@\n+int net_init_bridge(QemuOpts *opts, const char *name, VLANState *vlan)\n \n {\n \n@@ -9,7 +9,7 @@\n \n \n if (!qemu_opt_get(opts, \"br\")) {\n+\n qemu_opt_set(opts, \"br\", DEFAULT_BRIDGE_INTERFACE);\n \n }", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "int net_init_bridge(QemuOpts *opts, const char *name, VLANState *vlan)\n\n{\n\n TAPState *s;\n\n int fd, vnet_hdr;\n\n\n\n if (!qemu_opt_get(opts, \"br\")) {\n\n qemu_opt_set(opts, \"br\", DEFAULT_BRIDGE_INTERFACE);\n\n }\n\n if (!qemu_opt_get(opts, \"helper\")) {\n\n qemu_opt_set(opts, \"helper\", DEFAULT_BRIDGE_HELPER);\n\n }\n\n\n\n fd = net_bridge_run_helper(qemu_opt_get(opts, \"helper\"),\n\n qemu_opt_get(opts, \"br\"));\n\n if (fd == -1) {\n\n return -1;\n\n }\n\n\n\n fcntl(fd, F_SETFL, O_NONBLOCK);\n\n\n\n vnet_hdr = tap_probe_vnet_hdr(fd);\n\n\n\n s = net_tap_fd_init(vlan, \"bridge\", name, fd, vnet_hdr);\n\n if (!s) {\n\n close(fd);\n\n return -1;\n\n }\n\n\n\n snprintf(s->nc.info_str, sizeof(s->nc.info_str), \"helper=%s,br=%s\",\n\n qemu_opt_get(opts, \"helper\"), qemu_opt_get(opts, \"br\"));\n\n\n\n return 0;\n\n}\n"}}
{"sample_id": "25c4d9cc845fb58f624dae8c0f690e20c70e7a1d", "diff": "--- a/source.c\n+++ b/source.c\n@@ -17,11 +17,11 @@\n #endif\n \n default:\n+\n+ fprintf(stderr, \"op_to_movi: unexpected return value of \"\n+\n+ \"function op_bits.\\n\");\n+\n tcg_abort();\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int op_to_movi(int op)\n\n{\n\n switch (op_bits(op)) {\n\n case 32:\n\n return INDEX_op_movi_i32;\n\n#if TCG_TARGET_REG_BITS == 64\n\n case 64:\n\n return INDEX_op_movi_i64;\n\n#endif\n\n default:\n\n fprintf(stderr, \"op_to_movi: unexpected return value of \"\n\n \"function op_bits.\\n\");\n\n tcg_abort();\n\n }\n\n}\n"}}
{"sample_id": "60fe637bf0e4d7989e21e50f52526444765c63b4", "diff": "--- a/source.c\n+++ b/source.c\n@@ -3,11 +3,11 @@\n int64_t pos)\n \n {\n+\n+ QEMUFileSocket *s = opaque;\n+\n+ ssize_t len;\n+\n ssize_t size = iov_size(iov, iovcnt);\n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static ssize_t socket_writev_buffer(void *opaque, struct iovec *iov, int iovcnt,\n\n int64_t pos)\n\n{\n\n QEMUFileSocket *s = opaque;\n\n ssize_t len;\n\n ssize_t size = iov_size(iov, iovcnt);\n\n\n\n len = iov_send(s->fd, iov, iovcnt, 0, size);\n\n if (len < size) {\n\n len = -socket_error();\n\n }\n\n return len;\n\n}\n"}}
{"sample_id": "37ad223c515da2fe9f1c679768cb5ccaa42e57e1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -28,11 +28,11 @@\n \n spcr->base_address.address = cpu_to_le64(uart_memmap->base);\n \n+\n+\n+ spcr->interrupt_types = (1 << 3); /* Bit[3] ARMH GIC interrupt */\n+\n+ spcr->gsi = cpu_to_le32(irq); /* Global System Interrupt */\n \n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "build_spcr(GArray *table_data, GArray *linker, VirtGuestInfo *guest_info)\n\n{\n\n AcpiSerialPortConsoleRedirection *spcr;\n\n const MemMapEntry *uart_memmap = &guest_info->memmap[VIRT_UART];\n\n int irq = guest_info->irqmap[VIRT_UART] + ARM_SPI_BASE;\n\n\n\n spcr = acpi_data_push(table_data, sizeof(*spcr));\n\n\n\n spcr->interface_type = 0x3; /* ARM PL011 UART */\n\n\n\n spcr->base_address.space_id = AML_SYSTEM_MEMORY;\n\n spcr->base_address.bit_width = 8;\n\n spcr->base_address.bit_offset = 0;\n\n spcr->base_address.access_width = 1;\n\n spcr->base_address.address = cpu_to_le64(uart_memmap->base);\n\n\n\n spcr->interrupt_types = (1 << 3); /* Bit[3] ARMH GIC interrupt */\n\n spcr->gsi = cpu_to_le32(irq); /* Global System Interrupt */\n\n\n\n spcr->baud = 3; /* Baud Rate: 3 = 9600 */\n\n spcr->parity = 0; /* No Parity */\n\n spcr->stopbits = 1; /* 1 Stop bit */\n\n spcr->flowctrl = (1 << 1); /* Bit[1] = RTS/CTS hardware flow control */\n\n spcr->term_type = 0; /* Terminal Type: 0 = VT100 */\n\n\n\n spcr->pci_device_id = 0xffff; /* PCI Device ID: not a PCI device */\n\n spcr->pci_vendor_id = 0xffff; /* PCI Vendor ID: not a PCI device */\n\n\n\n build_header(linker, table_data, (void *)spcr, \"SPCR\", sizeof(*spcr), 2,\n\n NULL);\n\n}\n"}}
{"sample_id": "f06b2031a31cdd3acf6f61a977e505b8c6b58f73", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,9 +1,9 @@\n void ga_channel_free(GAChannel *c)\n+\n+{\n+\n+ if (c->method == GA_CHANNEL_UNIX_LISTEN\n+\n && c->listen_channel) {\n \n ga_channel_listen_close(c);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void ga_channel_free(GAChannel *c)\n\n{\n\n if (c->method == GA_CHANNEL_UNIX_LISTEN\n\n && c->listen_channel) {\n\n ga_channel_listen_close(c);\n\n }\n\n if (c->client_channel) {\n\n ga_channel_client_close(c);\n\n }\n\n g_free(c);\n\n}\n"}}
{"sample_id": "6470abc740367cc881c181db866891f8dd1d342f", "diff": "--- a/source.c\n+++ b/source.c\n@@ -23,11 +23,11 @@\n return ret;\n \n if (!master || !second) {\n+\n+ ret = AVERROR_BUG;\n+\n+ goto error;\n+\n }\n \n if (!s->palette_loaded) {", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int load_apply_palette(FFFrameSync *fs)\n\n{\n\n AVFilterContext *ctx = fs->parent;\n\n AVFilterLink *inlink = ctx->inputs[0];\n\n PaletteUseContext *s = ctx->priv;\n\n AVFrame *master, *second, *out;\n\n int ret;\n\n\n\n // writable for error diffusal dithering\n\n ret = ff_framesync_dualinput_get_writable(fs, &master, &second);\n\n if (ret < 0)\n\n return ret;\n\n if (!master || !second) {\n\n ret = AVERROR_BUG;\n\n goto error;\n\n }\n\n if (!s->palette_loaded) {\n\n load_palette(s, second);\n\n }\n\n out = apply_palette(inlink, master);\n\n return ff_filter_frame(ctx->outputs[0], out);\n\n\n\nerror:\n\n av_frame_free(&master);\n\n av_frame_free(&second);\n\n return ret;\n\n}\n"}}
{"sample_id": "d157ed5f7235f3d2d5596a514ad7507b18e24b88", "diff": "--- a/source.c\n+++ b/source.c\n@@ -21,11 +21,11 @@\n assert(bytes <= bs->bl.max_transfer);\n \n }\n+\n+\n+\n+ QSIMPLEQ_FOREACH(rule, &s->active_rules, active_next) {\n+\n uint64_t inject_offset = rule->options.inject.offset;\n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "blkdebug_co_preadv(BlockDriverState *bs, uint64_t offset, uint64_t bytes,\n\n QEMUIOVector *qiov, int flags)\n\n{\n\n BDRVBlkdebugState *s = bs->opaque;\n\n BlkdebugRule *rule = NULL;\n\n\n\n /* Sanity check block layer guarantees */\n\n assert(QEMU_IS_ALIGNED(offset, bs->bl.request_alignment));\n\n assert(QEMU_IS_ALIGNED(bytes, bs->bl.request_alignment));\n\n if (bs->bl.max_transfer) {\n\n assert(bytes <= bs->bl.max_transfer);\n\n }\n\n\n\n QSIMPLEQ_FOREACH(rule, &s->active_rules, active_next) {\n\n uint64_t inject_offset = rule->options.inject.offset;\n\n\n\n if (inject_offset == -1 ||\n\n (inject_offset >= offset && inject_offset < offset + bytes))\n\n {\n\n break;\n\n }\n\n }\n\n\n\n if (rule && rule->options.inject.error) {\n\n return inject_error(bs, rule);\n\n }\n\n\n\n return bdrv_co_preadv(bs->file, offset, bytes, qiov, flags);\n\n}\n"}}
{"sample_id": "0b8b8753e4d94901627b3e86431230f2319215c4", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n static void thread_pool_co_cb(void *opaque, int ret)\n \n {\n+\n ThreadPoolCo *co = opaque;\n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "static void thread_pool_co_cb(void *opaque, int ret)\n\n{\n\n ThreadPoolCo *co = opaque;\n\n\n\n co->ret = ret;\n\n qemu_coroutine_enter(co->co, NULL);\n\n}\n"}}
{"sample_id": "fd97fd4408040a9a6dfaf2fdaeca1c566db6d0aa", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,12 +1,12 @@\n+static long gethugepagesize(const char *path, Error **errp)\n \n {\n \n+ struct statfs fs;\n \n int ret;\n+\n+\n \n do {\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-22", "target_file": "source.c", "files": {"source.c": "static long gethugepagesize(const char *path, Error **errp)\n\n{\n\n struct statfs fs;\n\n int ret;\n\n\n\n do {\n\n ret = statfs(path, &fs);\n\n } while (ret != 0 && errno == EINTR);\n\n\n\n if (ret != 0) {\n\n error_setg_errno(errp, errno, \"failed to get page size of file %s\",\n\n path);\n\n return 0;\n\n }\n\n\n\n return fs.f_bsize;\n\n}\n"}}
{"sample_id": "6ab3fc32ea640026726bc5f9f4db622d0954fb8a", "diff": "--- a/source.c\n+++ b/source.c\n@@ -5,7 +5,7 @@\n {\n \n ETRAXSerial *s = opaque;\n+\n uint32_t value = val64;\n \n unsigned char ch = val64;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "ser_write(void *opaque, hwaddr addr,\n\n uint64_t val64, unsigned int size)\n\n{\n\n ETRAXSerial *s = opaque;\n\n uint32_t value = val64;\n\n unsigned char ch = val64;\n\n\n\n D(qemu_log(\"%s \" TARGET_FMT_plx \"=%x\\n\", __func__, addr, value));\n\n addr >>= 2;\n\n switch (addr)\n\n {\n\n case RW_DOUT:\n\n qemu_chr_fe_write(s->chr, &ch, 1);\n\n s->regs[R_INTR] |= 3;\n\n s->pending_tx = 1;\n\n s->regs[addr] = value;\n\n break;\n\n case RW_ACK_INTR:\n\n if (s->pending_tx) {\n\n value &= ~1;\n\n s->pending_tx = 0;\n\n D(qemu_log(\"fixedup value=%x r_intr=%x\\n\",\n\n value, s->regs[R_INTR]));\n\n }\n\n s->regs[addr] = value;\n\n s->regs[R_INTR] &= ~value;\n\n D(printf(\"r_intr=%x\\n\", s->regs[R_INTR]));\n\n break;\n\n default:\n\n s->regs[addr] = value;\n\n break;\n\n }\n\n ser_update_irq(s);\n\n}\n"}}
{"sample_id": "e8dd1d9c396104f0fac4b39a701143df49df2a74", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n+static void netmap_update_fd_handler(NetmapState *s)\n+\n+{\n \n qemu_set_fd_handler2(s->me.fd,\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void netmap_update_fd_handler(NetmapState *s)\n\n{\n\n qemu_set_fd_handler2(s->me.fd,\n\n s->read_poll ? netmap_can_send : NULL,\n\n s->read_poll ? netmap_send : NULL,\n\n s->write_poll ? netmap_writable : NULL,\n\n s);\n\n}\n"}}
{"sample_id": "0c9d5b015c2022e8deebb93367f8ee8a8eb779e8", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,10 +1,10 @@\n static av_always_inline void fic_idct(int16_t *blk, int step, int shift, int rnd)\n+\n+{\n+\n+ const int t0 = 27246 * blk[3 * step] + 18405 * blk[5 * step];\n+\n+ const int t1 = 27246 * blk[5 * step] - 18405 * blk[3 * step];\n \n const int t2 = 6393 * blk[7 * step] + 32139 * blk[1 * step];\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static av_always_inline void fic_idct(int16_t *blk, int step, int shift, int rnd)\n\n{\n\n const int t0 = 27246 * blk[3 * step] + 18405 * blk[5 * step];\n\n const int t1 = 27246 * blk[5 * step] - 18405 * blk[3 * step];\n\n const int t2 = 6393 * blk[7 * step] + 32139 * blk[1 * step];\n\n const int t3 = 6393 * blk[1 * step] - 32139 * blk[7 * step];\n\n const unsigned t4 = 5793U * (t2 + t0 + 0x800 >> 12);\n\n const unsigned t5 = 5793U * (t3 + t1 + 0x800 >> 12);\n\n const unsigned t6 = t2 - t0;\n\n const unsigned t7 = t3 - t1;\n\n const unsigned t8 = 17734 * blk[2 * step] - 42813 * blk[6 * step];\n\n const unsigned t9 = 17734 * blk[6 * step] + 42814 * blk[2 * step];\n\n const unsigned tA = (blk[0 * step] - blk[4 * step]) * 32768 + rnd;\n\n const unsigned tB = (blk[0 * step] + blk[4 * step]) * 32768 + rnd;\n\n blk[0 * step] = (int)( t4 + t9 + tB) >> shift;\n\n blk[1 * step] = (int)( t6 + t7 + t8 + tA) >> shift;\n\n blk[2 * step] = (int)( t6 - t7 - t8 + tA) >> shift;\n\n blk[3 * step] = (int)( t5 - t9 + tB) >> shift;\n\n blk[4 * step] = (int)( -t5 - t9 + tB) >> shift;\n\n blk[5 * step] = (int)(-(t6 - t7) - t8 + tA) >> shift;\n\n blk[6 * step] = (int)(-(t6 + t7) + t8 + tA) >> shift;\n\n blk[7 * step] = (int)( -t4 + t9 + tB) >> shift;\n\n}\n"}}
{"sample_id": "86e574928536ee5249d9cf4da9f5d8714611d706", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,11 +1,11 @@\n static char *var_read_string(AVIOContext *pb, int size)\n \n {\n+\n+ int n;\n+\n+ char *str = av_malloc(size + 1);\n+\n if (!str)\n \n return NULL;", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static char *var_read_string(AVIOContext *pb, int size)\n\n{\n\n int n;\n\n char *str = av_malloc(size + 1);\n\n if (!str)\n\n return NULL;\n\n n = avio_get_str(pb, size, str, size + 1);\n\n if (n < size)\n\n avio_skip(pb, size - n);\n\n return str;\n\n}\n"}}
{"sample_id": "3794d5482d74dc0031cee6d5be2c61c88ca723bd", "diff": "--- a/source.c\n+++ b/source.c\n@@ -53,11 +53,11 @@\n \n \n cpu_physical_memory_write(addr, &hdr, sizeof(hdr));\n+\n+ cpu_physical_memory_write(addr + sizeof(hdr), fdt, fdt_totalsize(fdt));\n+\n+ trace_spapr_cas_continue(fdt_totalsize(fdt) + sizeof(hdr));\n+\n g_free(fdt);\n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "int spapr_h_cas_compose_response(target_ulong addr, target_ulong size)\n\n{\n\n void *fdt, *fdt_skel;\n\n sPAPRDeviceTreeUpdateHeader hdr = { .version_id = 1 };\n\n\n\n size -= sizeof(hdr);\n\n\n\n /* Create sceleton */\n\n fdt_skel = g_malloc0(size);\n\n _FDT((fdt_create(fdt_skel, size)));\n\n _FDT((fdt_begin_node(fdt_skel, \"\")));\n\n _FDT((fdt_end_node(fdt_skel)));\n\n _FDT((fdt_finish(fdt_skel)));\n\n fdt = g_malloc0(size);\n\n _FDT((fdt_open_into(fdt_skel, fdt, size)));\n\n g_free(fdt_skel);\n\n\n\n /* Place to make changes to the tree */\n\n\n\n /* Pack resulting tree */\n\n _FDT((fdt_pack(fdt)));\n\n\n\n if (fdt_totalsize(fdt) + sizeof(hdr) > size) {\n\n trace_spapr_cas_failed(size);\n\n return -1;\n\n }\n\n\n\n cpu_physical_memory_write(addr, &hdr, sizeof(hdr));\n\n cpu_physical_memory_write(addr + sizeof(hdr), fdt, fdt_totalsize(fdt));\n\n trace_spapr_cas_continue(fdt_totalsize(fdt) + sizeof(hdr));\n\n g_free(fdt);\n\n\n\n return 0;\n\n}\n"}}
{"sample_id": "cb78d14cf9b5ab59b4a9177f390f5e1abff58644", "diff": "--- a/source.c\n+++ b/source.c\n@@ -16,11 +16,11 @@\n \n break;\n \n+ case AVCOL_RANGE_JPEG:\n+\n+ *off = 0;\n+\n+ *y_rng = *uv_rng = (256 << (depth - 8)) - 1;\n \n break;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int get_range_off(int *off, int *y_rng, int *uv_rng,\n\n enum AVColorRange rng, int depth)\n\n{\n\n switch (rng) {\n\n case AVCOL_RANGE_MPEG:\n\n *off = 16 << (depth - 8);\n\n *y_rng = 219 << (depth - 8);\n\n *uv_rng = 224 << (depth - 8);\n\n break;\n\n case AVCOL_RANGE_JPEG:\n\n *off = 0;\n\n *y_rng = *uv_rng = (256 << (depth - 8)) - 1;\n\n break;\n\n default:\n\n return AVERROR(EINVAL);\n\n }\n\n\n\n return 0;\n\n}\n"}}
{"sample_id": "67335a4558d3cad2173aac0ce13b6c096b077c41", "diff": "--- a/source.c\n+++ b/source.c\n@@ -28,11 +28,11 @@\n if (bkt->avg > THROTTLE_VALUE_MAX || bkt->max > THROTTLE_VALUE_MAX) {\n error_setg(errp, \"bps/iops/max values must be within [0, %lld]\",\n THROTTLE_VALUE_MAX);\n+ if (!bkt->burst_length) {\n+ error_setg(errp, \"the burst length cannot be 0\");\n+ if (bkt->burst_length > 1 && !bkt->max) {\n+ error_setg(errp, \"burst length set without burst rate\");\n+ if (bkt->max && !bkt->avg) {\n error_setg(errp, \"bps_max/iops_max require corresponding\"\n \" bps/iops values\");\n if (bkt->max && bkt->max < bkt->avg) {", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "bool throttle_is_valid(ThrottleConfig *cfg, Error **errp)\n{\n int i;\n bool bps_flag, ops_flag;\n bool bps_max_flag, ops_max_flag;\n bps_flag = cfg->buckets[THROTTLE_BPS_TOTAL].avg &&\n (cfg->buckets[THROTTLE_BPS_READ].avg ||\n cfg->buckets[THROTTLE_BPS_WRITE].avg);\n ops_flag = cfg->buckets[THROTTLE_OPS_TOTAL].avg &&\n (cfg->buckets[THROTTLE_OPS_READ].avg ||\n cfg->buckets[THROTTLE_OPS_WRITE].avg);\n bps_max_flag = cfg->buckets[THROTTLE_BPS_TOTAL].max &&\n (cfg->buckets[THROTTLE_BPS_READ].max ||\n cfg->buckets[THROTTLE_BPS_WRITE].max);\n ops_max_flag = cfg->buckets[THROTTLE_OPS_TOTAL].max &&\n (cfg->buckets[THROTTLE_OPS_READ].max ||\n cfg->buckets[THROTTLE_OPS_WRITE].max);\n if (bps_flag || ops_flag || bps_max_flag || ops_max_flag) {\n error_setg(errp, \"bps/iops/max total values and read/write values\"\n \" cannot be used at the same time\");\n if (cfg->op_size &&\n !cfg->buckets[THROTTLE_OPS_TOTAL].avg &&\n !cfg->buckets[THROTTLE_OPS_READ].avg &&\n !cfg->buckets[THROTTLE_OPS_WRITE].avg) {\n error_setg(errp, \"iops size requires an iops value to be set\");\n for (i = 0; i < BUCKETS_COUNT; i++) {\n LeakyBucket *bkt = &cfg->buckets[i];\n if (bkt->avg > THROTTLE_VALUE_MAX || bkt->max > THROTTLE_VALUE_MAX) {\n error_setg(errp, \"bps/iops/max values must be within [0, %lld]\",\n THROTTLE_VALUE_MAX);\n if (!bkt->burst_length) {\n error_setg(errp, \"the burst length cannot be 0\");\n if (bkt->burst_length > 1 && !bkt->max) {\n error_setg(errp, \"burst length set without burst rate\");\n if (bkt->max && !bkt->avg) {\n error_setg(errp, \"bps_max/iops_max require corresponding\"\n \" bps/iops values\");\n if (bkt->max && bkt->max < bkt->avg) {\n error_setg(errp, \"bps_max/iops_max cannot be lower than bps/iops\");\n return true;"}}
{"sample_id": "5b185639c5740998de403415c749ac98e13418fd", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,9 +1,9 @@\n+static inline uint64_t cksm_overflow(uint64_t cksm)\n+\n+{\n+\n if (cksm > 0xffffffffULL) {\n+\n cksm &= 0xffffffffULL;\n \n cksm++;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static inline uint64_t cksm_overflow(uint64_t cksm)\n\n{\n\n if (cksm > 0xffffffffULL) {\n\n cksm &= 0xffffffffULL;\n\n cksm++;\n\n }\n\n return cksm;\n\n}\n"}}
{"sample_id": "e1833e1f96456fd8fc17463246fe0b2050e68efb", "diff": "--- a/source.c\n+++ b/source.c\n@@ -5,10 +5,10 @@\n if (!likely(!(((int64_t)T0 < (int64_t)T1 && (flags & 0x10)) ||\n \n ((int64_t)T0 > (int64_t)T1 && (flags & 0x08)) ||\n+\n+ ((int64_t)T0 == (int64_t)T1 && (flags & 0x04)) ||\n+\n+ ((uint64_t)T0 < (uint64_t)T1 && (flags & 0x02)) ||\n \n ((uint64_t)T0 > (uint64_t)T1 && (flags & 0x01)))))\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void do_td (int flags)\n\n{\n\n if (!likely(!(((int64_t)T0 < (int64_t)T1 && (flags & 0x10)) ||\n\n ((int64_t)T0 > (int64_t)T1 && (flags & 0x08)) ||\n\n ((int64_t)T0 == (int64_t)T1 && (flags & 0x04)) ||\n\n ((uint64_t)T0 < (uint64_t)T1 && (flags & 0x02)) ||\n\n ((uint64_t)T0 > (uint64_t)T1 && (flags & 0x01)))))\n\n do_raise_exception_err(EXCP_PROGRAM, EXCP_TRAP);\n\n}\n"}}
{"sample_id": "cc05c43ad942165ecc6ffd39e41991bee43af044", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,9 +1,9 @@\n+static void memory_region_read_accessor(MemoryRegion *mr,\n+\n hwaddr addr,\n \n uint64_t *value,\n+\n unsigned size,\n \n unsigned shift,", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static void memory_region_read_accessor(MemoryRegion *mr,\n\n hwaddr addr,\n\n uint64_t *value,\n\n unsigned size,\n\n unsigned shift,\n\n uint64_t mask)\n\n{\n\n uint64_t tmp;\n\n\n\n if (mr->flush_coalesced_mmio) {\n\n qemu_flush_coalesced_mmio_buffer();\n\n }\n\n tmp = mr->ops->read(mr->opaque, addr, size);\n\n trace_memory_region_ops_read(mr, addr, tmp, size);\n\n *value |= (tmp & mask) << shift;\n\n}\n"}}
{"sample_id": "af7e9e74c6a62a5bcd911726a9e88d28b61490e0", "diff": "--- a/source.c\n+++ b/source.c\n@@ -12,9 +12,9 @@\n \n /* Initialise controller registers */\n \n+ opp->frep = ((opp->nb_irqs - 1) << FREP_NIRQ_SHIFT) |\n \n+ ((opp->nb_cpus - 1) << FREP_NCPU_SHIFT) |\n \n (opp->vid << FREP_VID_SHIFT);\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static void openpic_reset(DeviceState *d)\n\n{\n\n OpenPICState *opp = FROM_SYSBUS(typeof (*opp), sysbus_from_qdev(d));\n\n int i;\n\n\n\n opp->glbc = GLBC_RESET;\n\n /* Initialise controller registers */\n\n opp->frep = ((opp->nb_irqs - 1) << FREP_NIRQ_SHIFT) |\n\n ((opp->nb_cpus - 1) << FREP_NCPU_SHIFT) |\n\n (opp->vid << FREP_VID_SHIFT);\n\n\n\n opp->pint = 0;\n\n opp->spve = -1 & opp->vector_mask;\n\n opp->tifr = opp->tifr_reset;\n\n /* Initialise IRQ sources */\n\n for (i = 0; i < opp->max_irq; i++) {\n\n opp->src[i].ipvp = opp->ipvp_reset;\n\n opp->src[i].ide = opp->ide_reset;\n\n }\n\n /* Initialise IRQ destinations */\n\n for (i = 0; i < MAX_CPU; i++) {\n\n opp->dst[i].pctp = 15;\n\n memset(&opp->dst[i].raised, 0, sizeof(IRQ_queue_t));\n\n opp->dst[i].raised.next = -1;\n\n memset(&opp->dst[i].servicing, 0, sizeof(IRQ_queue_t));\n\n opp->dst[i].servicing.next = -1;\n\n }\n\n /* Initialise timers */\n\n for (i = 0; i < MAX_TMR; i++) {\n\n opp->timers[i].ticc = 0;\n\n opp->timers[i].tibc = TIBC_CI;\n\n }\n\n /* Go out of RESET state */\n\n opp->glbc = 0;\n\n}\n"}}
{"sample_id": "ba3ecda05e933acf6fff618716b6f6d2ed6a5a07", "diff": "--- a/source.c\n+++ b/source.c\n@@ -9,11 +9,11 @@\n mmubooke_dump_mmu(f, cpu_fprintf, env);\n \n break;\n+\n+ case POWERPC_MMU_BOOKE206:\n+\n+ mmubooke206_dump_mmu(f, cpu_fprintf, env);\n+\n break;\n \n case POWERPC_MMU_SOFT_6xx:", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "void dump_mmu(FILE *f, fprintf_function cpu_fprintf, CPUPPCState *env)\n\n{\n\n switch (env->mmu_model) {\n\n case POWERPC_MMU_BOOKE:\n\n mmubooke_dump_mmu(f, cpu_fprintf, env);\n\n break;\n\n case POWERPC_MMU_BOOKE206:\n\n mmubooke206_dump_mmu(f, cpu_fprintf, env);\n\n break;\n\n case POWERPC_MMU_SOFT_6xx:\n\n case POWERPC_MMU_SOFT_74xx:\n\n mmu6xx_dump_mmu(f, cpu_fprintf, env);\n\n break;\n\n#if defined(TARGET_PPC64)\n\n case POWERPC_MMU_64B:\n\n case POWERPC_MMU_2_03:\n\n case POWERPC_MMU_2_06:\n\n\n case POWERPC_MMU_2_07:\n\n\n dump_slb(f, cpu_fprintf, env);\n\n break;\n\n#endif\n\n default:\n\n qemu_log_mask(LOG_UNIMP, \"%s: unimplemented\\n\", __func__);\n\n }\n\n}"}}
{"sample_id": "7372c2b926200db295412efbb53f93773b7f1754", "diff": "--- a/source.c\n+++ b/source.c\n@@ -6,13 +6,13 @@\n \n int index = IS_USER(s);\n \n+ s->is_mem = 1;\n \n tmp = tcg_temp_new_i32();\n \n switch(opsize) {\n \n+ case OS_BYTE:\n \n if (sign)\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "static inline TCGv gen_load(DisasContext * s, int opsize, TCGv addr, int sign)\n\n{\n\n TCGv tmp;\n\n int index = IS_USER(s);\n\n s->is_mem = 1;\n\n tmp = tcg_temp_new_i32();\n\n switch(opsize) {\n\n case OS_BYTE:\n\n if (sign)\n\n tcg_gen_qemu_ld8s(tmp, addr, index);\n\n else\n\n tcg_gen_qemu_ld8u(tmp, addr, index);\n\n break;\n\n case OS_WORD:\n\n if (sign)\n\n tcg_gen_qemu_ld16s(tmp, addr, index);\n\n else\n\n tcg_gen_qemu_ld16u(tmp, addr, index);\n\n break;\n\n case OS_LONG:\n\n case OS_SINGLE:\n\n tcg_gen_qemu_ld32u(tmp, addr, index);\n\n break;\n\n default:\n\n qemu_assert(0, \"bad load size\");\n\n }\n\n gen_throws_exception = gen_last_qop;\n\n return tmp;\n\n}\n"}}
{"sample_id": "c2b38b277a7882a592f4f2ec955084b2b756daaa", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,4 +4,4 @@\n \n g_source_unref(&ctx->source);\n \n+}", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void aio_context_unref(AioContext *ctx)\n\n{\n\n g_source_unref(&ctx->source);\n\n}\n"}}
{"sample_id": "4be746345f13e99e468c60acbd3a355e8183e3ce", "diff": "--- a/source.c\n+++ b/source.c\n@@ -15,11 +15,11 @@\n }\n \n \n+\n+ ide_cmd_lba48_transform(s, lba48);\n+\n+ ide_sector_start_dma(s, IDE_DMA_READ);\n+\n \n \n return false;", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static bool cmd_read_dma(IDEState *s, uint8_t cmd)\n\n{\n\n bool lba48 = (cmd == WIN_READDMA_EXT);\n\n\n\n if (!s->bs) {\n\n ide_abort_command(s);\n\n return true;\n\n }\n\n\n\n ide_cmd_lba48_transform(s, lba48);\n\n ide_sector_start_dma(s, IDE_DMA_READ);\n\n\n\n return false;\n\n}\n"}}
{"sample_id": "d73cd8f4ea1c2944bd16f7a1c445eaa25c9e6e26", "diff": "--- a/source.c\n+++ b/source.c\n@@ -30,11 +30,11 @@\n \n fprintf(stderr, \"emulation failure\\n\");\n \n+ if (!kvm_arch_stop_on_emulation_error(env)) {\n+\n+ cpu_dump_state(env, stderr, fprintf, CPU_DUMP_CODE);\n+\n+ return 0;\n \n }\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int kvm_handle_internal_error(CPUState *env, struct kvm_run *run)\n\n{\n\n fprintf(stderr, \"KVM internal error.\");\n\n if (kvm_check_extension(kvm_state, KVM_CAP_INTERNAL_ERROR_DATA)) {\n\n int i;\n\n\n\n fprintf(stderr, \" Suberror: %d\\n\", run->internal.suberror);\n\n for (i = 0; i < run->internal.ndata; ++i) {\n\n fprintf(stderr, \"extra data[%d]: %\"PRIx64\"\\n\",\n\n i, (uint64_t)run->internal.data[i]);\n\n }\n\n } else {\n\n fprintf(stderr, \"\\n\");\n\n }\n\n if (run->internal.suberror == KVM_INTERNAL_ERROR_EMULATION) {\n\n fprintf(stderr, \"emulation failure\\n\");\n\n if (!kvm_arch_stop_on_emulation_error(env)) {\n\n cpu_dump_state(env, stderr, fprintf, CPU_DUMP_CODE);\n\n return 0;\n\n }\n\n }\n\n /* FIXME: Should trigger a qmp message to let management know\n\n * something went wrong.\n\n */\n\n return -1;\n\n}\n"}}
{"sample_id": "8607f5c3072caeebbe0217df28651fffd3a79fd9", "diff": "--- a/source.c\n+++ b/source.c\n@@ -12,11 +12,11 @@\n \n qemu_get_buffer(f, (uint8_t *)&data, sizeof(VirtQueueElementOld));\n \n+\n+\n+ elem = virtqueue_alloc_element(sz, data.out_num, data.in_num);\n+\n+ elem->index = data.index;\n \n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void *qemu_get_virtqueue_element(QEMUFile *f, size_t sz)\n\n{\n\n VirtQueueElement *elem;\n\n VirtQueueElementOld data;\n\n int i;\n\n\n\n qemu_get_buffer(f, (uint8_t *)&data, sizeof(VirtQueueElementOld));\n\n\n\n elem = virtqueue_alloc_element(sz, data.out_num, data.in_num);\n\n elem->index = data.index;\n\n\n\n for (i = 0; i < elem->in_num; i++) {\n\n elem->in_addr[i] = data.in_addr[i];\n\n }\n\n\n\n for (i = 0; i < elem->out_num; i++) {\n\n elem->out_addr[i] = data.out_addr[i];\n\n }\n\n\n\n for (i = 0; i < elem->in_num; i++) {\n\n /* Base is overwritten by virtqueue_map. */\n\n elem->in_sg[i].iov_base = 0;\n\n elem->in_sg[i].iov_len = data.in_sg[i].iov_len;\n\n }\n\n\n\n for (i = 0; i < elem->out_num; i++) {\n\n /* Base is overwritten by virtqueue_map. */\n\n elem->out_sg[i].iov_base = 0;\n\n elem->out_sg[i].iov_len = data.out_sg[i].iov_len;\n\n }\n\n\n\n virtqueue_map(elem);\n\n return elem;\n\n}\n"}}
{"sample_id": "a879125b47c3ae554c01824f996a64a45a86556e", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,5 +1,5 @@\n static uint16_t qpci_pc_config_readw(QPCIBus *bus, int devfn, uint8_t offset)\n+\n {\n \n outl(0xcf8, (1 << 31) | (devfn << 8) | offset);", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static uint16_t qpci_pc_config_readw(QPCIBus *bus, int devfn, uint8_t offset)\n\n{\n\n outl(0xcf8, (1 << 31) | (devfn << 8) | offset);\n\n return inw(0xcfc);\n\n}\n"}}
{"sample_id": "4f4321c11ff6e98583846bfd6f0e81954924b003", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,10 +1,10 @@\n static void softusb_usbdev_datain(void *opaque)\n \n {\n+\n+ MilkymistSoftUsbState *s = opaque;\n+\n+\n \n USBPacket p;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static void softusb_usbdev_datain(void *opaque)\n\n{\n\n MilkymistSoftUsbState *s = opaque;\n\n\n\n USBPacket p;\n\n\n\n p.pid = USB_TOKEN_IN;\n\n p.devep = 1;\n\n p.data = s->kbd_usb_buffer;\n\n p.len = sizeof(s->kbd_usb_buffer);\n\n s->usbdev->info->handle_data(s->usbdev, &p);\n\n\n\n softusb_kbd_changed(s);\n\n}\n"}}
{"sample_id": "880a7578381d1c7ed4d41c7599ae3cc06567a824", "diff": "--- a/source.c\n+++ b/source.c\n@@ -10,11 +10,11 @@\n \n s = &gdbserver_state;\n \n+ if (gdbserver_fd < 0 || s->fd < 0)\n+\n+ return;\n+\n+\n \n snprintf(buf, sizeof(buf), \"W%02x\", code);\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void gdb_exit(CPUState *env, int code)\n\n{\n\n GDBState *s;\n\n char buf[4];\n\n\n\n s = &gdbserver_state;\n\n if (gdbserver_fd < 0 || s->fd < 0)\n\n return;\n\n\n\n snprintf(buf, sizeof(buf), \"W%02x\", code);\n\n put_packet(s, buf);\n\n}\n"}}
{"sample_id": "7bd427d801e1e3293a634d3c83beadaa90ffb911", "diff": "--- a/source.c\n+++ b/source.c\n@@ -11,7 +11,7 @@\n vnc_dpy_resize(vd->ds);\n \n vnc_refresh(vd);\n+\n+ }\n+\n+}", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void vnc_init_timer(VncDisplay *vd)\n\n{\n\n vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;\n\n if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {\n\n vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);\n\n vnc_dpy_resize(vd->ds);\n\n vnc_refresh(vd);\n\n }\n\n}\n"}}
{"sample_id": "2dc7fdf33d28940255f171b8ea4b692d9d5b7a7d", "diff": "--- a/source.c\n+++ b/source.c\n@@ -24,9 +24,9 @@\n d->length = o->stat.st_size;\n \n d->alloc = 512;\n+\n+ d->data = g_malloc(d->alloc);\n+\n+ return d;\n+\n }", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static MTPData *usb_mtp_get_object(MTPState *s, MTPControl *c,\n\n MTPObject *o)\n\n{\n\n MTPData *d = usb_mtp_data_alloc(c);\n\n\n\n trace_usb_mtp_op_get_object(s->dev.addr, o->handle, o->path);\n\n\n\n d->fd = open(o->path, O_RDONLY);\n\n if (d->fd == -1) {\n\n\n return NULL;\n\n }\n\n d->length = o->stat.st_size;\n\n d->alloc = 512;\n\n d->data = g_malloc(d->alloc);\n\n return d;\n\n}"}}
{"sample_id": "c2b38b277a7882a592f4f2ec955084b2b756daaa", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,6 +2,6 @@\n \n {\n \n+ return timerlist_run_timers(main_loop_tlg.tl[type]);\n \n }", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "bool qemu_clock_run_timers(QEMUClockType type)\n\n{\n\n return timerlist_run_timers(main_loop_tlg.tl[type]);\n\n}\n"}}
{"sample_id": "cdcab9d94101a6dd9ac8136c6f2cd15b6a997896", "diff": "--- a/source.c\n+++ b/source.c\n@@ -43,11 +43,11 @@\n \n }\n \n+\n+\n+ memory_region_init_alias(&nvdimm->nvdimm_mr, OBJECT(dimm),\n+\n+ \"nvdimm-memory\", mr, 0, pmem_size);\n \n nvdimm->nvdimm_mr.align = align;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-22", "target_file": "source.c", "files": {"source.c": "static void nvdimm_realize(PCDIMMDevice *dimm, Error **errp)\n\n{\n\n MemoryRegion *mr = host_memory_backend_get_memory(dimm->hostmem, errp);\n\n NVDIMMDevice *nvdimm = NVDIMM(dimm);\n\n uint64_t align, pmem_size, size = memory_region_size(mr);\n\n\n\n align = memory_region_get_alignment(mr);\n\n\n\n pmem_size = size - nvdimm->label_size;\n\n nvdimm->label_data = memory_region_get_ram_ptr(mr) + pmem_size;\n\n pmem_size = QEMU_ALIGN_DOWN(pmem_size, align);\n\n\n\n if (size <= nvdimm->label_size || !pmem_size) {\n\n HostMemoryBackend *hostmem = dimm->hostmem;\n\n char *path = object_get_canonical_path_component(OBJECT(hostmem));\n\n\n\n error_setg(errp, \"the size of memdev %s (0x%\" PRIx64 \") is too \"\n\n \"small to contain nvdimm label (0x%\" PRIx64 \") and \"\n\n \"aligned PMEM (0x%\" PRIx64 \")\",\n\n path, memory_region_size(mr), nvdimm->label_size, align);\n\n\n return;\n\n }\n\n\n\n memory_region_init_alias(&nvdimm->nvdimm_mr, OBJECT(dimm),\n\n \"nvdimm-memory\", mr, 0, pmem_size);\n\n nvdimm->nvdimm_mr.align = align;\n\n}"}}
{"sample_id": "2374e73edafff0586cbfb67c333c5a7588f81fd5", "diff": "--- a/source.c\n+++ b/source.c\n@@ -13,11 +13,11 @@\n mmu_idx = cpu_mmu_index(env);\n \n index = (virtaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);\n+\n+ redo:\n+\n+ tlb_addr = env->tlb_table[mmu_idx][index].addr_write;\n+\n if ((virtaddr & TARGET_PAGE_MASK) ==\n \n (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "uint64_t helper_st_virt_to_phys (uint64_t virtaddr)\n\n{\n\n uint64_t tlb_addr, physaddr;\n\n int index, mmu_idx;\n\n void *retaddr;\n\n\n\n mmu_idx = cpu_mmu_index(env);\n\n index = (virtaddr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1);\n\n redo:\n\n tlb_addr = env->tlb_table[mmu_idx][index].addr_write;\n\n if ((virtaddr & TARGET_PAGE_MASK) ==\n\n (tlb_addr & (TARGET_PAGE_MASK | TLB_INVALID_MASK))) {\n\n physaddr = virtaddr + env->tlb_table[mmu_idx][index].addend;\n\n } else {\n\n /* the page is not in the TLB : fill it */\n\n retaddr = GETPC();\n\n tlb_fill(virtaddr, 1, mmu_idx, retaddr);\n\n goto redo;\n\n }\n\n return physaddr;\n\n}\n"}}
{"sample_id": "794cbc26eb94ce13c75d105eea9ff0afff56e2c2", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n SDState *sd_init(BlockDriverState *bs, bool is_spi)\n \n+{\n \n SDState *sd;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "SDState *sd_init(BlockDriverState *bs, bool is_spi)\n\n{\n\n SDState *sd;\n\n\n\n if (bdrv_is_read_only(bs)) {\n\n fprintf(stderr, \"sd_init: Cannot use read-only drive\\n\");\n\n return NULL;\n\n }\n\n\n\n sd = (SDState *) g_malloc0(sizeof(SDState));\n\n sd->buf = qemu_blockalign(bs, 512);\n\n sd->spi = is_spi;\n\n sd->enable = true;\n\n sd_reset(sd, bs);\n\n if (sd->bdrv) {\n\n bdrv_attach_dev_nofail(sd->bdrv, sd);\n\n bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);\n\n }\n\n vmstate_register(NULL, -1, &sd_vmstate, sd);\n\n return sd;\n\n}\n"}}
{"sample_id": "2bf4aa2e937737deb781706673f806d4388cf796", "diff": "--- a/source.c\n+++ b/source.c\n@@ -32,11 +32,11 @@\n \n uint64_t min1v = h[0].val;\n \n+ up[h[0].name] = next;\n+\n+ h[0].val = INT64_MAX;\n+\n+ heap_sift(h, 0, size);\n \n up[h[0].name] = next;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void generate_len_table(uint8_t *dst, uint64_t *stats, int size){\n\n heap_elem_t h[size];\n\n int up[2*size];\n\n int len[2*size];\n\n int offset, i, next;\n\n\n\n for(offset=1; ; offset<<=1){\n\n for(i=0; i<size; i++){\n\n h[i].name = i;\n\n h[i].val = (stats[i] << 8) + offset;\n\n }\n\n for(i=size/2-1; i>=0; i--)\n\n heap_sift(h, i, size);\n\n\n\n for(next=size; next<size*2-1; next++){\n\n // merge the two smallest entries, and put it back in the heap\n\n uint64_t min1v = h[0].val;\n\n up[h[0].name] = next;\n\n h[0].val = INT64_MAX;\n\n heap_sift(h, 0, size);\n\n up[h[0].name] = next;\n\n h[0].name = next;\n\n h[0].val += min1v;\n\n heap_sift(h, 0, size);\n\n }\n\n\n\n len[2*size-2] = 0;\n\n for(i=2*size-3; i>=size; i--)\n\n len[i] = len[up[i]] + 1;\n\n for(i=0; i<size; i++) {\n\n dst[i] = len[up[i]] + 1;\n\n if(dst[i] > 32) break;\n\n }\n\n if(i==size) break;\n\n }\n\n}\n"}}
{"sample_id": "ac531cb6e542b1e61d668604adf9dc5306a948c0", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,5 +1,5 @@\n START_TEST(qobject_to_qdict_test)\n+\n {\n \n fail_unless(qobject_to_qdict(QOBJECT(tests_dict)) == tests_dict);", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "START_TEST(qobject_to_qdict_test)\n\n{\n\n fail_unless(qobject_to_qdict(QOBJECT(tests_dict)) == tests_dict);\n\n}\n"}}
{"sample_id": "aa638b4600e1fa7a1b64323b8228c459af644a47", "diff": "--- a/source.c\n+++ b/source.c\n@@ -43,10 +43,10 @@\n goto fail;\n av_set_pts_info(st, 64, framerate.den, framerate.num);\n st->codec->width = width;\n+ st->codec->height = height;\n+ st->codec->pix_fmt = pix_fmt;\n+fail:\n+ return ret;\n+ default:\n return -1;\n return 0;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "int ff_raw_read_header(AVFormatContext *s, AVFormatParameters *ap)\n{\n AVStream *st;\n enum CodecID id;\n st = avformat_new_stream(s, NULL);\n if (!st)\n return AVERROR(ENOMEM);\n id = s->iformat->value;\n if (id == CODEC_ID_RAWVIDEO) {\n st->codec->codec_type = AVMEDIA_TYPE_VIDEO;\n } else {\n st->codec->codec_type = AVMEDIA_TYPE_AUDIO;\n st->codec->codec_id = id;\n switch(st->codec->codec_type) {\n case AVMEDIA_TYPE_AUDIO: {\n RawAudioDemuxerContext *s1 = s->priv_data;\n st->codec->channels = 1;\n if (id == CODEC_ID_ADPCM_G722)\n st->codec->sample_rate = 16000;\n if (s1 && s1->sample_rate)\n st->codec->sample_rate = s1->sample_rate;\n if (s1 && s1->channels)\n st->codec->channels = s1->channels;\n st->codec->bits_per_coded_sample = av_get_bits_per_sample(st->codec->codec_id);\n assert(st->codec->bits_per_coded_sample > 0);\n st->codec->block_align = st->codec->bits_per_coded_sample*st->codec->channels/8;\n av_set_pts_info(st, 64, 1, st->codec->sample_rate);\n break;\n case AVMEDIA_TYPE_VIDEO: {\n FFRawVideoDemuxerContext *s1 = s->priv_data;\n int width = 0, height = 0, ret = 0;\n enum PixelFormat pix_fmt;\n AVRational framerate;\n if (s1->video_size && (ret = av_parse_video_size(&width, &height, s1->video_size)) < 0) {\n av_log(s, AV_LOG_ERROR, \"Couldn't parse video size.\\n\");\n goto fail;\n if ((pix_fmt = av_get_pix_fmt(s1->pixel_format)) == PIX_FMT_NONE) {\n av_log(s, AV_LOG_ERROR, \"No such pixel format: %s.\\n\", s1->pixel_format);\n ret = AVERROR(EINVAL);\n goto fail;\n if ((ret = av_parse_video_rate(&framerate, s1->framerate)) < 0) {\n av_log(s, AV_LOG_ERROR, \"Could not parse framerate: %s.\\n\", s1->framerate);\n goto fail;\n av_set_pts_info(st, 64, framerate.den, framerate.num);\n st->codec->width = width;\n st->codec->height = height;\n st->codec->pix_fmt = pix_fmt;\nfail:\n return ret;\n default:\n return -1;\n return 0;"}}
{"sample_id": "6f2d8978728c48ca46f5c01835438508aace5c64", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,9 +1,9 @@\n void do_POWER_divso (void)\n+\n+{\n \n if (((int32_t)T0 == INT32_MIN && (int32_t)T1 == -1) || (int32_t)T1 == 0) {\n+\n T0 = (long)((-1) * (T0 >> 31));\n \n env->spr[SPR_MQ] = 0;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "void do_POWER_divso (void)\n\n{\n\n if (((int32_t)T0 == INT32_MIN && (int32_t)T1 == -1) || (int32_t)T1 == 0) {\n\n T0 = (long)((-1) * (T0 >> 31));\n\n env->spr[SPR_MQ] = 0;\n\n xer_ov = 1;\n\n xer_so = 1;\n\n } else {\n\n T0 = (int32_t)T0 / (int32_t)T1;\n\n env->spr[SPR_MQ] = (int32_t)T0 % (int32_t)T1;\n\n xer_ov = 0;\n\n }\n\n}\n"}}
{"sample_id": "c9fe0caf7a1abde7ca0b1a359f551103064867b1", "diff": "--- a/source.c\n+++ b/source.c\n@@ -2,11 +2,11 @@\n \n ptrdiff_t stride)\n \n+{\n+\n+ int x, y;\n+\n+ pixel *dst = (pixel *)_dst;\n \n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void FUNC(transquant_bypass32x32)(uint8_t *_dst, int16_t *coeffs,\n\n ptrdiff_t stride)\n\n{\n\n int x, y;\n\n pixel *dst = (pixel *)_dst;\n\n\n\n stride /= sizeof(pixel);\n\n\n\n for (y = 0; y < 32; y++) {\n\n for (x = 0; x < 32; x++) {\n\n dst[x] += *coeffs;\n\n coeffs++;\n\n }\n\n dst += stride;\n\n }\n\n}\n"}}
{"sample_id": "f19442c069929727b19c948619488370d279e177", "diff": "--- a/source.c\n+++ b/source.c\n@@ -5,7 +5,7 @@\n int i, idx = 0, sum = 0;\n \n for (i = N - 1; i >= 0; i--) {\n+\n const uint32_t i_s = CELT_PVQ_U(N - i, sum + FFABS(y[i]) + 1);\n \n idx += CELT_PVQ_U(N - i, sum) + (y[i] < 0)*i_s;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "static inline uint32_t celt_icwrsi(uint32_t N, uint32_t K, const int *y)\n\n{\n\n int i, idx = 0, sum = 0;\n\n for (i = N - 1; i >= 0; i--) {\n\n const uint32_t i_s = CELT_PVQ_U(N - i, sum + FFABS(y[i]) + 1);\n\n idx += CELT_PVQ_U(N - i, sum) + (y[i] < 0)*i_s;\n\n sum += FFABS(y[i]);\n\n }\n\n av_assert0(sum == K);\n\n return idx;\n\n}\n"}}
{"sample_id": "d6af26c55c1ea30f85a7d9edbc373f53be1743ee", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n static inline int get_len(LZOContext *c, int x, int mask)\n \n {\n+\n int cnt = x & mask;\n \n if (!cnt) {", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "static inline int get_len(LZOContext *c, int x, int mask)\n\n{\n\n int cnt = x & mask;\n\n if (!cnt) {\n\n while (!(x = get_byte(c)))\n\n cnt += 255;\n\n cnt += mask + x;\n\n }\n\n return cnt;\n\n}\n"}}
{"sample_id": "05e161952954acf247e0fd1fdef00559675c4d4d", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,5 +1,5 @@\n static inline int64_t bs_get_v(const uint8_t **bs)\n+\n {\n \n int64_t v = 0;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "static inline int64_t bs_get_v(const uint8_t **bs)\n\n{\n\n int64_t v = 0;\n\n int br = 0;\n\n int c;\n\n\n\n do {\n\n c = **bs; (*bs)++;\n\n v <<= 7;\n\n v |= c & 0x7F;\n\n br++;\n\n if (br > 10)\n\n return -1;\n\n } while (c & 0x80);\n\n\n\n return v - br;\n\n}\n"}}
{"sample_id": "d3f8e138c23ba082f87c96634d06b978473c1e9b", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,11 +1,11 @@\n static const char *local_mapped_attr_path(FsContext *ctx,\n \n+ const char *path, char *buffer)\n \n {\n \n char *dir_name;\n+\n char *tmp_path = strdup(path);\n \n char *base_name = basename(tmp_path);", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-22", "target_file": "source.c", "files": {"source.c": "static const char *local_mapped_attr_path(FsContext *ctx,\n\n const char *path, char *buffer)\n\n{\n\n char *dir_name;\n\n char *tmp_path = strdup(path);\n\n char *base_name = basename(tmp_path);\n\n\n\n /* NULL terminate the directory */\n\n dir_name = tmp_path;\n\n *(base_name - 1) = '\\0';\n\n\n\n snprintf(buffer, PATH_MAX, \"%s/%s/%s/%s\",\n\n ctx->fs_root, dir_name, VIRTFS_META_DIR, base_name);\n\n free(tmp_path);\n\n return buffer;\n\n}\n"}}
{"sample_id": "e83980455c8c7eb066405de512be7c4bace3ac4d", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,4 +1,4 @@\n+int virtio_bus_device_plugged(VirtIODevice *vdev)\n \n {\n \n@@ -6,11 +6,11 @@\n \n BusState *qbus = BUS(qdev_get_parent_bus(qdev));\n \n+ VirtioBusState *bus = VIRTIO_BUS(qbus);\n \n VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);\n \n+ VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);\n \n \n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-476", "target_file": "source.c", "files": {"source.c": "int virtio_bus_device_plugged(VirtIODevice *vdev)\n\n{\n\n DeviceState *qdev = DEVICE(vdev);\n\n BusState *qbus = BUS(qdev_get_parent_bus(qdev));\n\n VirtioBusState *bus = VIRTIO_BUS(qbus);\n\n VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus);\n\n VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev);\n\n\n\n DPRINTF(\"%s: plug device.\\n\", qbus->name);\n\n\n\n if (klass->device_plugged != NULL) {\n\n klass->device_plugged(qbus->parent);\n\n }\n\n\n\n /* Get the features of the plugged device. */\n\n assert(vdc->get_features != NULL);\n\n vdev->host_features = vdc->get_features(vdev, vdev->host_features);\n\n return 0;\n\n}\n"}}
{"sample_id": "f707a5ebba734597b1ff0810931b55b630077ab3", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,4 +1,4 @@\n+static void ir2_decode_plane_inter(Ir2Context *ctx, int width, int height, uint8_t *dst, int stride,\n \n const uint8_t *table)\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "static void ir2_decode_plane_inter(Ir2Context *ctx, int width, int height, uint8_t *dst, int stride,\n\n const uint8_t *table)\n\n{\n\n int j;\n\n int out = 0;\n\n int c;\n\n int t;\n\n \n\n for (j = 0; j < height; j++){\n\n out = 0;\n\n while (out < width){\n\n c = ir2_get_code(&ctx->gb);\n\n if(c > 0x80) { /* we have a skip */\n\n c -= 0x80;\n\n out += c * 2;\n\n } else { /* add two deltas from table */\n\n t = dst[out] + (table[c * 2] - 128);\n\n CLAMP_TO_BYTE(t);\n\n dst[out] = t;\n\n out++;\n\n t = dst[out] + (table[(c * 2) + 1] - 128);\n\n CLAMP_TO_BYTE(t);\n\n dst[out] = t;\n\n out++;\n\n }\n\n }\n\n dst += stride;\n\n }\n\n}\n"}}
{"sample_id": "4407c1c56adb0d3ef2bcbf577592d72278d6e11f", "diff": "--- a/source.c\n+++ b/source.c\n@@ -10,11 +10,11 @@\n \n if (!running) {\n \n+ return;\n+\n+ }\n+\n+\n \n if (!s->bh) {\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void virtio_blk_dma_restart_cb(void *opaque, int running,\n\n RunState state)\n\n{\n\n VirtIOBlock *s = opaque;\n\n\n\n if (!running) {\n\n return;\n\n }\n\n\n\n if (!s->bh) {\n\n s->bh = qemu_bh_new(virtio_blk_dma_restart_bh, s);\n\n qemu_bh_schedule(s->bh);\n\n }\n\n}\n"}}
{"sample_id": "2ceccf045c295b9a507d6e3be7710c63f51c0529", "diff": "--- a/source.c\n+++ b/source.c\n@@ -22,11 +22,11 @@\n \n dexp[i++] = ungroup_3_in_7_bits_tab[expacc][0];\n \n+ dexp[i++] = ungroup_3_in_7_bits_tab[expacc][1];\n+\n+ dexp[i++] = ungroup_3_in_7_bits_tab[expacc][2];\n+\n+ }\n \n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int decode_exponents(GetBitContext *gbc, int exp_strategy, int ngrps,\n\n uint8_t absexp, int8_t *dexps)\n\n{\n\n int i, j, grp, group_size;\n\n int dexp[256];\n\n int expacc, prevexp;\n\n\n\n /* unpack groups */\n\n group_size = exp_strategy + (exp_strategy == EXP_D45);\n\n for(grp=0,i=0; grp<ngrps; grp++) {\n\n expacc = get_bits(gbc, 7);\n\n dexp[i++] = ungroup_3_in_7_bits_tab[expacc][0];\n\n dexp[i++] = ungroup_3_in_7_bits_tab[expacc][1];\n\n dexp[i++] = ungroup_3_in_7_bits_tab[expacc][2];\n\n }\n\n\n\n /* convert to absolute exps and expand groups */\n\n prevexp = absexp;\n\n for(i=0,j=0; i<ngrps*3; i++) {\n\n prevexp += dexp[i] - 2;\n\n if (prevexp < 0 || prevexp > 24)\n\n return -1;\n\n switch (group_size) {\n\n case 4: dexps[j++] = prevexp;\n\n dexps[j++] = prevexp;\n\n case 2: dexps[j++] = prevexp;\n\n case 1: dexps[j++] = prevexp;\n\n }\n\n }\n\n return 0;\n\n}\n"}}
{"sample_id": "e1c37d0e94048502f9874e6356ce7136d4b05bdb", "diff": "--- a/source.c\n+++ b/source.c\n@@ -19,11 +19,11 @@\n DPRINTF(\"Unable to set nonblocking mode on file descriptor\\n\");\n \n goto err_after_open;\n+\n+ }\n+\n+\n+\n s->get_error = fd_errno;\n \n s->write = fd_write;", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "int fd_start_outgoing_migration(MigrationState *s, const char *fdname)\n\n{\n\n s->fd = monitor_get_fd(s->mon, fdname);\n\n if (s->fd == -1) {\n\n DPRINTF(\"fd_migration: invalid file descriptor identifier\\n\");\n\n goto err_after_get_fd;\n\n }\n\n\n\n if (fcntl(s->fd, F_SETFL, O_NONBLOCK) == -1) {\n\n DPRINTF(\"Unable to set nonblocking mode on file descriptor\\n\");\n\n goto err_after_open;\n\n }\n\n\n\n s->get_error = fd_errno;\n\n s->write = fd_write;\n\n s->close = fd_close;\n\n\n\n migrate_fd_connect(s);\n\n return 0;\n\n\n\nerr_after_open:\n\n close(s->fd);\n\nerr_after_get_fd:\n\n return -1;\n\n}\n"}}
{"sample_id": "90901860c21468d6e9ae437c2bacb099c7bd3acf", "diff": "--- a/source.c\n+++ b/source.c\n@@ -14,11 +14,11 @@\n \n asf->last_indexed_pts = 0;\n \n+ asf->index_ptr = (ASFIndex*)av_malloc( sizeof(ASFIndex) * ASF_INDEX_BLOCK );\n+\n+ asf->nb_index_memory_alloc = ASF_INDEX_BLOCK;\n+\n+ asf->nb_index_count = 0;\n \n asf->maximum_packet = 0;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static int asf_write_header(AVFormatContext *s)\n\n{\n\n ASFContext *asf = s->priv_data;\n\n\n\n asf->packet_size = PACKET_SIZE;\n\n asf->nb_packets = 0;\n\n\n\n asf->last_indexed_pts = 0;\n\n asf->index_ptr = (ASFIndex*)av_malloc( sizeof(ASFIndex) * ASF_INDEX_BLOCK );\n\n asf->nb_index_memory_alloc = ASF_INDEX_BLOCK;\n\n asf->nb_index_count = 0;\n\n asf->maximum_packet = 0;\n\n\n\n /* the data-chunk-size has to be 50, which is data_size - asf->data_offset\n\n * at the moment this function is done. It is needed to use asf as\n\n * streamable format. */\n\n if (asf_write_header1(s, 0, 50) < 0) {\n\n //av_free(asf);\n\n return -1;\n\n }\n\n\n\n put_flush_packet(s->pb);\n\n\n\n asf->packet_nb_payloads = 0;\n\n asf->packet_timestamp_start = -1;\n\n asf->packet_timestamp_end = -1;\n\n init_put_byte(&asf->pb, asf->packet_buf, asf->packet_size, 1,\n\n NULL, NULL, NULL, NULL);\n\n\n\n return 0;\n\n}\n"}}
{"sample_id": "3a8c95f730732b9f1ffacdbfbf79a01b202a67af", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,11 +4,11 @@\n \n AVDictionaryEntry *tag = NULL;\n \n+ char val_str[128];\n+\n+ int64_t size = fmt_ctx->pb ? avio_size(fmt_ctx->pb) : -1;\n+\n+\n \n print_format_entry(NULL, \"[FORMAT]\");\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void show_format(AVFormatContext *fmt_ctx)\n\n{\n\n AVDictionaryEntry *tag = NULL;\n\n char val_str[128];\n\n int64_t size = fmt_ctx->pb ? avio_size(fmt_ctx->pb) : -1;\n\n\n\n print_format_entry(NULL, \"[FORMAT]\");\n\n print_format_entry(\"filename\", fmt_ctx->filename);\n\n snprintf(val_str, sizeof(val_str) - 1, \"%d\", fmt_ctx->nb_streams);\n\n print_format_entry(\"nb_streams\", val_str);\n\n print_format_entry(\"format_name\", fmt_ctx->iformat->name);\n\n print_format_entry(\"format_long_name\", fmt_ctx->iformat->long_name);\n\n print_format_entry(\"start_time\",\n\n time_value_string(val_str, sizeof(val_str),\n\n fmt_ctx->start_time, &AV_TIME_BASE_Q));\n\n print_format_entry(\"duration\",\n\n time_value_string(val_str, sizeof(val_str),\n\n fmt_ctx->duration, &AV_TIME_BASE_Q));\n\n print_format_entry(\"size\",\n\n size >= 0 ? value_string(val_str, sizeof(val_str),\n\n size, unit_byte_str)\n\n : \"unknown\");\n\n print_format_entry(\"bit_rate\",\n\n value_string(val_str, sizeof(val_str),\n\n fmt_ctx->bit_rate, unit_bit_per_second_str));\n\n\n\n while ((tag = av_dict_get(fmt_ctx->metadata, \"\", tag,\n\n AV_DICT_IGNORE_SUFFIX))) {\n\n snprintf(val_str, sizeof(val_str) - 1, \"TAG:%s\", tag->key);\n\n print_format_entry(val_str, tag->value);\n\n }\n\n\n\n print_format_entry(NULL, \"[/FORMAT]\");\n\n}\n"}}
{"sample_id": "c004de0b1c5b44849f9619910c173d1a2204c16e", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,7 +1,7 @@\n static void gif_fill_rect(AVFrame *picture, uint32_t color, int l, int t, int w, int h)\n \n {\n+\n const int linesize = picture->linesize[0] / sizeof(uint32_t);\n \n const uint32_t *py = (uint32_t *)picture->data[0] + t * linesize;", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-189", "target_file": "source.c", "files": {"source.c": "static void gif_fill_rect(AVFrame *picture, uint32_t color, int l, int t, int w, int h)\n\n{\n\n const int linesize = picture->linesize[0] / sizeof(uint32_t);\n\n const uint32_t *py = (uint32_t *)picture->data[0] + t * linesize;\n\n const uint32_t *pr, *pb = py + (t + h) * linesize;\n\n uint32_t *px;\n\n\n\n for (; py < pb; py += linesize) {\n\n px = (uint32_t *)py + l;\n\n pr = px + w;\n\n\n\n for (; px < pr; px++)\n\n *px = color;\n\n }\n\n}\n"}}
{"sample_id": "f76cfe56d9bc281685c5120bf765d29d9323756f", "diff": "--- a/source.c\n+++ b/source.c\n@@ -20,11 +20,11 @@\n \n \n \n+ tb = env->current_tb;\n+\n+ /* if the cpu is currently executing code, we must unlink it and\n+\n+ all the potentially executing TB */\n \n if (tb && !testandset(&interrupt_lock)) {\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void cpu_unlink_tb(CPUState *env)\n\n{\n\n#if defined(CONFIG_USE_NPTL)\n\n /* FIXME: TB unchaining isn't SMP safe. For now just ignore the\n\n problem and hope the cpu will stop of its own accord. For userspace\n\n emulation this often isn't actually as bad as it sounds. Often\n\n signals are used primarily to interrupt blocking syscalls. */\n\n#else\n\n TranslationBlock *tb;\n\n static spinlock_t interrupt_lock = SPIN_LOCK_UNLOCKED;\n\n\n\n tb = env->current_tb;\n\n /* if the cpu is currently executing code, we must unlink it and\n\n all the potentially executing TB */\n\n if (tb && !testandset(&interrupt_lock)) {\n\n env->current_tb = NULL;\n\n tb_reset_jump_recursive(tb);\n\n resetlock(&interrupt_lock);\n\n }\n\n#endif\n\n}\n"}}
{"sample_id": "e97efecec82ca8458a9bbd75a91ebf556abde362", "diff": "--- a/source.c\n+++ b/source.c\n@@ -40,8 +40,8 @@\n \n return sys;\n \n+\n+\n+ return NULL;\n+\n+}", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "const DVprofile* avpriv_dv_frame_profile(const DVprofile *sys,\n\n const uint8_t* frame, unsigned buf_size)\n\n{\n\n int i;\n\n\n\n int dsf = (frame[3] & 0x80) >> 7;\n\n\n\n int stype = frame[80*5 + 48 + 3] & 0x1f;\n\n\n\n /* 576i50 25Mbps 4:1:1 is a special case */\n\n if (dsf == 1 && stype == 0 && frame[4] & 0x07 /* the APT field */) {\n\n return &dv_profiles[2];\n\n }\n\n\n\n for (i=0; i<FF_ARRAY_ELEMS(dv_profiles); i++)\n\n if (dsf == dv_profiles[i].dsf && stype == dv_profiles[i].video_stype)\n\n return &dv_profiles[i];\n\n\n\n /* check if old sys matches and assumes corrupted input */\n\n if (sys && buf_size == sys->frame_size)\n\n return sys;\n\n\n\n return NULL;\n\n}\n"}}
{"sample_id": "9ef91a677110ec200d7b2904fc4bcae5a77329ad", "diff": "--- a/source.c\n+++ b/source.c\n@@ -5,11 +5,11 @@\n ssize_t ret = qemu_paio_return(aiocb);\n \n \n+\n+ if (ret < 0)\n+\n+ ret = -ret;\n+\n else\n \n ret = 0;", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "int qemu_paio_error(struct qemu_paiocb *aiocb)\n\n{\n\n ssize_t ret = qemu_paio_return(aiocb);\n\n\n\n if (ret < 0)\n\n ret = -ret;\n\n else\n\n ret = 0;\n\n\n\n return ret;\n\n}\n"}}
{"sample_id": "a7812ae412311d7d47f8aa85656faadac9d64b56", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,10 +1,10 @@\n static void cris_alu(DisasContext *dc, int op,\n \n+\t\t\t TCGv d, TCGv op_a, TCGv op_b, int size)\n+\n+{\n+\n+\tTCGv tmp;\n \n \tint writeback;\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void cris_alu(DisasContext *dc, int op,\n\n\t\t\t TCGv d, TCGv op_a, TCGv op_b, int size)\n\n{\n\n\tTCGv tmp;\n\n\tint writeback;\n\n\n\n\twriteback = 1;\n\n\n\n\tif (op == CC_OP_BOUND || op == CC_OP_BTST)\n\n\t\ttmp = tcg_temp_local_new(TCG_TYPE_TL);\n\n\n\n\tif (op == CC_OP_CMP) {\n\n\t\ttmp = tcg_temp_new(TCG_TYPE_TL);\n\n\t\twriteback = 0;\n\n\t} else if (size == 4) {\n\n\t\ttmp = d;\n\n\t\twriteback = 0;\n\n\t} else\n\n\t\ttmp = tcg_temp_new(TCG_TYPE_TL);\n\n\n\n\n\n\tcris_pre_alu_update_cc(dc, op, op_a, op_b, size);\n\n\tcris_alu_op_exec(dc, op, tmp, op_a, op_b, size);\n\n\tcris_update_result(dc, tmp);\n\n\n\n\t/* Writeback. */\n\n\tif (writeback) {\n\n\t\tif (size == 1)\n\n\t\t\ttcg_gen_andi_tl(d, d, ~0xff);\n\n\t\telse\n\n\t\t\ttcg_gen_andi_tl(d, d, ~0xffff);\n\n\t\ttcg_gen_or_tl(d, d, tmp);\n\n\t}\n\n\tif (GET_TCGV(tmp) != GET_TCGV(d))\n\n\t\ttcg_temp_free(tmp);\n\n}\n"}}
{"sample_id": "441692ddd8321d5e0f09b163e86410e578d87236", "diff": "--- a/source.c\n+++ b/source.c\n@@ -6,14 +6,14 @@\n \n \n \n+ blankbuf = g_malloc(512);\n \n tmpbuf = g_malloc(512);\n+\n memset(blankbuf, 0xff, 512);\n \n for (; num > 0; num--, sec++) {\n+\n if (s->blk_cur) {\n \n int erasesec = s->secs_cur + (sec >> 5);", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-119", "target_file": "source.c", "files": {"source.c": "static inline int onenand_erase(OneNANDState *s, int sec, int num)\n\n{\n\n uint8_t *blankbuf, *tmpbuf;\n\n\n\n blankbuf = g_malloc(512);\n\n tmpbuf = g_malloc(512);\n\n memset(blankbuf, 0xff, 512);\n\n for (; num > 0; num--, sec++) {\n\n if (s->blk_cur) {\n\n int erasesec = s->secs_cur + (sec >> 5);\n\n if (blk_write(s->blk_cur, sec, blankbuf, 1) < 0) {\n\n goto fail;\n\n }\n\n if (blk_read(s->blk_cur, erasesec, tmpbuf, 1) < 0) {\n\n goto fail;\n\n }\n\n memcpy(tmpbuf + ((sec & 31) << 4), blankbuf, 1 << 4);\n\n if (blk_write(s->blk_cur, erasesec, tmpbuf, 1) < 0) {\n\n goto fail;\n\n }\n\n } else {\n\n if (sec + 1 > s->secs_cur) {\n\n goto fail;\n\n }\n\n memcpy(s->current + (sec << 9), blankbuf, 512);\n\n memcpy(s->current + (s->secs_cur << 9) + (sec << 4),\n\n blankbuf, 1 << 4);\n\n }\n\n }\n\n\n\n g_free(tmpbuf);\n\n g_free(blankbuf);\n\n return 0;\n\n\n\nfail:\n\n g_free(tmpbuf);\n\n g_free(blankbuf);\n\n return 1;\n\n}\n"}}
{"sample_id": "0240ded8bb1580147ed2ff1748df439a3b41e38f", "diff": "--- a/source.c\n+++ b/source.c\n@@ -11,11 +11,11 @@\n regs->ARM_pc = infop->entry;\n \n regs->ARM_sp = infop->start_stack;\n+\n+ regs->ARM_r2 = tswapl(stack[2]); /* envp */\n+\n+ regs->ARM_r1 = tswapl(stack[1]); /* argv */\n+\n /* XXX: it seems that r0 is zeroed after ! */\n \n // regs->ARM_r0 = tswapl(stack[0]); /* argc */", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)\n\n{\n\n target_long *stack = (void *)infop->start_stack;\n\n memset(regs, 0, sizeof(*regs));\n\n regs->ARM_cpsr = 0x10;\n\n regs->ARM_pc = infop->entry;\n\n regs->ARM_sp = infop->start_stack;\n\n regs->ARM_r2 = tswapl(stack[2]); /* envp */\n\n regs->ARM_r1 = tswapl(stack[1]); /* argv */\n\n /* XXX: it seems that r0 is zeroed after ! */\n\n // regs->ARM_r0 = tswapl(stack[0]); /* argc */\n\n}\n"}}
{"sample_id": "4be746345f13e99e468c60acbd3a355e8183e3ce", "diff": "--- a/source.c\n+++ b/source.c\n@@ -18,11 +18,11 @@\n \n return;\n \n+ }\n+\n+ len = r->io_header.dxfer_len - r->io_header.resid;\n+\n+ DPRINTF(\"Data ready tag=0x%x len=%d\\n\", r->req.tag, len);\n \n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "static void scsi_read_complete(void * opaque, int ret)\n\n{\n\n SCSIGenericReq *r = (SCSIGenericReq *)opaque;\n\n SCSIDevice *s = r->req.dev;\n\n int len;\n\n\n\n r->req.aiocb = NULL;\n\n if (ret || r->req.io_canceled) {\n\n scsi_command_complete(r, ret);\n\n return;\n\n }\n\n len = r->io_header.dxfer_len - r->io_header.resid;\n\n DPRINTF(\"Data ready tag=0x%x len=%d\\n\", r->req.tag, len);\n\n\n\n r->len = -1;\n\n if (len == 0) {\n\n scsi_command_complete(r, 0);\n\n } else {\n\n /* Snoop READ CAPACITY output to set the blocksize. */\n\n if (r->req.cmd.buf[0] == READ_CAPACITY_10 &&\n\n (ldl_be_p(&r->buf[0]) != 0xffffffffU || s->max_lba == 0)) {\n\n s->blocksize = ldl_be_p(&r->buf[4]);\n\n s->max_lba = ldl_be_p(&r->buf[0]) & 0xffffffffULL;\n\n } else if (r->req.cmd.buf[0] == SERVICE_ACTION_IN_16 &&\n\n (r->req.cmd.buf[1] & 31) == SAI_READ_CAPACITY_16) {\n\n s->blocksize = ldl_be_p(&r->buf[8]);\n\n s->max_lba = ldq_be_p(&r->buf[0]);\n\n }\n\n bdrv_set_guest_block_size(s->conf.bs, s->blocksize);\n\n\n\n scsi_req_data(&r->req, len);\n\n scsi_req_unref(&r->req);\n\n }\n\n}\n"}}
{"sample_id": "6fae8c5443d4fa40fe65f67138f4dbb731f23d72", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,7 +4,7 @@\n \n UnsharpContext *unsharp = ctx->priv;\n \n+ int lmsize_x = 5, cmsize_x = 0;\n \n int lmsize_y = 5, cmsize_y = 0;\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "static av_cold int init(AVFilterContext *ctx, const char *args, void *opaque)\n\n{\n\n UnsharpContext *unsharp = ctx->priv;\n\n int lmsize_x = 5, cmsize_x = 0;\n\n int lmsize_y = 5, cmsize_y = 0;\n\n double lamount = 1.0f, camount = 0.0f;\n\n\n\n if (args)\n\n sscanf(args, \"%d:%d:%lf:%d:%d:%lf\", &lmsize_x, &lmsize_y, &lamount,\n\n &cmsize_x, &cmsize_y, &camount);\n\n\n\n if (lmsize_x < 2 || lmsize_y < 2 || cmsize_x < 2 || cmsize_y < 2) {\n\n av_log(ctx, AV_LOG_ERROR,\n\n \"Invalid value <2 for lmsize_x:%d or lmsize_y:%d or cmsize_x:%d or cmsize_y:%d\\n\",\n\n lmsize_x, lmsize_y, cmsize_x, cmsize_y);\n\n return AVERROR(EINVAL);\n\n }\n\n\n\n set_filter_param(&unsharp->luma, lmsize_x, lmsize_y, lamount);\n\n set_filter_param(&unsharp->chroma, cmsize_x, cmsize_y, camount);\n\n\n\n return 0;\n\n}\n"}}
{"sample_id": "61007b316cd71ee7333ff7a0a749a8949527575f", "diff": "--- a/source.c\n+++ b/source.c\n@@ -4,11 +4,11 @@\n \n BlockDriverInfo bdi;\n \n+\n+\n+ if (bs->backing_hd) {\n+\n+ return false;\n \n }\n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "bool bdrv_unallocated_blocks_are_zero(BlockDriverState *bs)\n\n{\n\n BlockDriverInfo bdi;\n\n\n\n if (bs->backing_hd) {\n\n return false;\n\n }\n\n\n\n if (bdrv_get_info(bs, &bdi) == 0) {\n\n return bdi.unallocated_blocks_are_zero;\n\n }\n\n\n\n return false;\n\n}\n"}}
{"sample_id": "3dc6f8693694a649a9c83f1e2746565b47683923", "diff": "--- a/source.c\n+++ b/source.c\n@@ -8,11 +8,11 @@\n \n if (tcet->nb_table) {\n \n+ error_report(\"Warning: trying to enable already enabled TCE table\");\n+\n+ return;\n+\n+ }\n \n \n ", "available_files": ["source.c"], "is_vulnerable": false, "cwe": null, "target_file": "source.c", "files": {"source.c": "void spapr_tce_table_enable(sPAPRTCETable *tcet,\n\n uint32_t page_shift, uint64_t bus_offset,\n\n uint32_t nb_table)\n\n{\n\n if (tcet->nb_table) {\n\n error_report(\"Warning: trying to enable already enabled TCE table\");\n\n return;\n\n }\n\n\n\n tcet->bus_offset = bus_offset;\n\n tcet->page_shift = page_shift;\n\n tcet->nb_table = nb_table;\n\n tcet->table = spapr_tce_alloc_table(tcet->liobn,\n\n tcet->page_shift,\n\n tcet->bus_offset,\n\n tcet->nb_table,\n\n &tcet->fd,\n\n tcet->need_vfio);\n\n\n\n memory_region_set_size(&tcet->iommu,\n\n (uint64_t)tcet->nb_table << tcet->page_shift);\n\n memory_region_add_subregion(&tcet->root, tcet->bus_offset, &tcet->iommu);\n\n}\n"}}
{"sample_id": "ebca5e6d5ec2f1cf6c886a114e161261af28dc0a", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,6 +1,6 @@\n static void gen_msgclr(DisasContext *ctx)\n \n+{\n \n #if defined(CONFIG_USER_ONLY)\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-OTHER", "target_file": "source.c", "files": {"source.c": "static void gen_msgclr(DisasContext *ctx)\n\n{\n\n#if defined(CONFIG_USER_ONLY)\n\n GEN_PRIV;\n\n#else\n\n CHK_SV;\n\n gen_helper_msgclr(cpu_env, cpu_gpr[rB(ctx->opcode)]);\n\n#endif /* defined(CONFIG_USER_ONLY) */\n\n}\n"}}
{"sample_id": "3e305e4a4752f70c0b5c3cf5b43ec957881714f7", "diff": "--- a/source.c\n+++ b/source.c\n@@ -1,12 +1,12 @@\n ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)\n \n+{\n+\n ssize_t ret;\n \n #ifdef CONFIG_VNC_TLS\n \n+ if (vs->tls.session) {\n \n ret = vnc_client_read_tls(&vs->tls.session, data, datalen);\n ", "available_files": ["source.c"], "is_vulnerable": true, "cwe": "CWE-20", "target_file": "source.c", "files": {"source.c": "ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)\n\n{\n\n ssize_t ret;\n\n#ifdef CONFIG_VNC_TLS\n\n if (vs->tls.session) {\n\n ret = vnc_client_read_tls(&vs->tls.session, data, datalen);\n\n } else {\n\n#endif /* CONFIG_VNC_TLS */\n\n ret = qemu_recv(vs->csock, data, datalen, 0);\n\n#ifdef CONFIG_VNC_TLS\n\n }\n\n#endif /* CONFIG_VNC_TLS */\n\n VNC_DEBUG(\"Read wire %p %zd -> %ld\\n\", data, datalen, ret);\n\n return vnc_client_io_error(vs, ret, socket_error());\n\n}\n"}}