mirror of
https://github.com/Motorhead1991/qemu.git
synced 2025-12-18 05:28:36 -07:00
The 'taddr' variable is left uninitialized, being set only inside the
"while ((lev--) >= 0)" loop where we get the TCE address. The 'lev' var
is an int32_t that is being initialized by the GETFIELD() macro, which
returns a uint64_t.
For a human reader this means that 'lev' will always be positive or zero.
But some compilers may beg to differ. 'lev' being an int32_t can in theory
be set as negative, and the "while ((lev--) >= 0)" loop might never be
reached, and 'taddr' will be left uninitialized. This can cause phb3_error()
to use 'taddr' uninitialized down below:
    if ((is_write & !(tce & 2)) || ((!is_write) && !(tce & 1))) {
        phb3_error(phb, "TCE access fault at 0x%"PRIx64, taddr);
A quick way of fixing it is to use a do/while() loop. This will keep the
same semantics as the existing while() loop does and the compiler will
understand that 'taddr' will be initialized at least once.
Suggested-by: Matheus K. Ferst <matheus.ferst@eldorado.org.br>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/573
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220127122234.842145-2-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>