diff mbox series

[55/60] tcg/optimize: fix uninitialized variable

Message ID	20240301230619.661008-56-richard.henderson@linaro.org
State	Accepted
Commit	ff202817dc2b0b3b42992fa7f1ce503f081068fe
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; From: Richard Henderson <richard.henderson@linaro.org> To: qemu-devel@nongnu.org Cc: Paolo Bonzini <pbonzini@redhat.com>, =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= <philmd@linaro.org> Subject: [PATCH 55/60] tcg/optimize: fix uninitialized variable Date: Fri, 1 Mar 2024 13:06:14 -1000 Message-Id: <20240301230619.661008-56-richard.henderson@linaro.org> In-Reply-To: <20240301230619.661008-1-richard.henderson@linaro.org> References: <20240301230619.661008-1-richard.henderson@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::129; envelope-from=richard.henderson@linaro.org; helo=mail-il1-x129.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
Series	[01/60] linux-user/elfload: Disable core dump if getrlimit fails \| expand [01/60] linux-user/elfload: Disable core dump if getrlimit fails [02/60] linux-user/elfload: Merge init_note_info and fill_note_info [03/60] linux-user/elfload: Tidy fill_note_info and struct elf_note_info [04/60] linux-user/elfload: Stack allocate struct mm_struct [05/60] linux-user/elfload: Latch errno before cleanup in elf_core_dump [06/60] linux-user/elfload: Open core file after vma_init [07/60] linux-user/elfload: Truncate core file on open [08/60] linux-user/elfload: Lock cpu list and mmap during elf_core_dump [09/60] linux-user/elfload: Size corefile before opening [10/60] linux-user/elfload: Write corefile elf header in one block [11/60] linux-user/elfload: Write process memory to core file in larger chunks [12/60] linux-user/elfload: Simplify vma_dump_size [13/60] linux-user/elfload: Rely on walk_memory_regions for vmas [14/60] linux-user/elfload: Unprotect regions before core dump [15/60] tcg/aarch64: Apple does not align __int128_t in even registers [16/60] accel/tcg: Set can_do_io at at start of lookup_tb_ptr helper [17/60] tcg: Avoid double lock if page tables happen to be in mmio memory. [18/60] accel/tcg: Remove qemu_host_page_size from page_protect/page_unprotect [19/60] linux-user: Adjust SVr4 NULL page mapping [20/60] linux-user: Remove qemu_host_page_{size, mask} in probe_guest_base [21/60] linux-user: Remove qemu_host_page_size from create_elf_tables [22/60] linux-user/hppa: Simplify init_guest_commpage [23/60] linux-user/nios2: Remove qemu_host_page_size from init_guest_commpage [24/60] linux-user/arm: Remove qemu_host_page_size from init_guest_commpage [25/60] linux-user: Remove qemu_host_page_size from elf_core_dump [26/60] linux-user: Remove qemu_host_page_{size, mask} from mmap.c [27/60] linux-user: Remove REAL_HOST_PAGE_ALIGN from mmap.c [28/60] linux-user: Remove HOST_PAGE_ALIGN from mmap.c [29/60] migration: Remove qemu_host_page_size [30/60] hw/tpm: Remove HOST_PAGE_ALIGN from tpm_ppi_init [31/60] softmmu/physmem: Remove qemu_host_page_size [32/60] softmmu/physmem: Remove HOST_PAGE_ALIGN [33/60] linux-user: Remove qemu_host_page_size from main [34/60] linux-user: Split out target_mmap__locked [35/60] linux-user: Move some mmap checks outside the lock [36/60] linux-user: Fix sub-host-page mmap [37/60] linux-user: Split out mmap_end [38/60] linux-user: Do early mmap placement only for reserved_va [39/60] linux-user: Split out do_munmap [40/60] linux-user: Use do_munmap for target_mmap failure [41/60] linux-user: Split out mmap_h_eq_g [42/60] linux-user: Split out mmap_h_lt_g [43/60] linux-user: Split out mmap_h_gt_g [44/60] tests/tcg: Remove run-test-mmap-* [45/60] tests/tcg: Extend file in linux-madvise.c [46/60] *-user: Deprecate and disable -p pagesize [47/60] cpu: Remove page_size_init [48/60] accel/tcg: Disconnect TargetPageDataNode from page size [49/60] linux-user: Allow TARGET_PAGE_BITS_VARY [50/60] target/arm: Enable TARGET_PAGE_BITS_VARY for AArch64 user-only [51/60] linux-user: Bound mmap_min_addr by host page size [52/60] target/ppc: Enable TARGET_PAGE_BITS_VARY for user-only [53/60] target/alpha: Enable TARGET_PAGE_BITS_VARY for user-only [54/60] linux-user: Remove pgb_dynamic alignment assertion [55/60] tcg/optimize: fix uninitialized variable [56/60] linux-user/x86_64: Handle the vsyscall page in open_self_maps_{2, 4} [57/60] linux-user/loongarch64: Remove TARGET_FORCE_SHMLBA [58/60] linux-user: Add strace for shmat [59/60] linux-user: Rewrite target_shmat [60/60] tests/tcg: Check that shmat() does not break /proc/self/maps

Commit Message

Richard Henderson March 1, 2024, 11:06 p.m. UTC

From: Paolo Bonzini <pbonzini@redhat.com>

The variables uext_opc and sext_opc are used without initialization if
TCG_TARGET_extract_i{32,64}_valid returns false.  The result, depending
on the compiler, might be the generation of extract and sextract opcodes
with invalid offset and count, or just random data in the TCG opcode
stream.

Fixes: ceb9ee06b71 ("tcg/optimize: Handle TCG_COND_TST{EQ,NE}", 2024-02-03)
Cc: Richard Henderson <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240228110641.287205-1-pbonzini@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 tcg/optimize.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff mbox series

Patch

diff --git a/tcg/optimize.c b/tcg/optimize.c
index 79e701652b..752cc5c56b 100644
--- a/tcg/optimize.c
+++ b/tcg/optimize.c
@@ -2102,7 +2102,8 @@  static bool fold_remainder(OptContext *ctx, TCGOp *op)
 
 static void fold_setcond_tst_pow2(OptContext *ctx, TCGOp *op, bool neg)
 {
-    TCGOpcode and_opc, sub_opc, xor_opc, neg_opc, shr_opc, uext_opc, sext_opc;
+    TCGOpcode and_opc, sub_opc, xor_opc, neg_opc, shr_opc;
+    TCGOpcode uext_opc = 0, sext_opc = 0;
     TCGCond cond = op->args[3];
     TCGArg ret, src1, src2;
     TCGOp *op2;