| Message ID | 20240228110641.287205-1-pbonzini@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | tcg/optimize: fix uninitialized variable | expand |
On 28/2/24 12:06, Paolo Bonzini wrote: > The variables uext_opc and sext_opc are used without initialization if > TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending > on the compiler, might be the generation of extract and sextract opcodes Shouldn't compilers bark? > with invalid offset and count, or just random data in the TCG opcode > stream. > > Fixes: ceb9ee06b71 ("tcg/optimize: Handle TCG_COND_TST{EQ,NE}", 2024-02-03) > Cc: Richard Henderson <pbonzini@redhat.com> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> > --- > tcg/optimize.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
On Wed, Feb 28, 2024 at 12:19 PM Philippe Mathieu-Daudé <philmd@linaro.org> wrote: > > On 28/2/24 12:06, Paolo Bonzini wrote: > > The variables uext_opc and sext_opc are used without initialization if > > TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending > > on the compiler, might be the generation of extract and sextract opcodes > > Shouldn't compilers bark? I expected that too... Paolo > > with invalid offset and count, or just random data in the TCG opcode > > stream. > > > > Fixes: ceb9ee06b71 ("tcg/optimize: Handle TCG_COND_TST{EQ,NE}", 2024-02-03) > > Cc: Richard Henderson <pbonzini@redhat.com> > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> > > --- > > tcg/optimize.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> >
On 2/28/24 02:20, Paolo Bonzini wrote: > On Wed, Feb 28, 2024 at 12:19 PM Philippe Mathieu-Daudé > <philmd@linaro.org> wrote: >> >> On 28/2/24 12:06, Paolo Bonzini wrote: >>> The variables uext_opc and sext_opc are used without initialization if >>> TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending >>> on the compiler, might be the generation of extract and sextract opcodes >> >> Shouldn't compilers bark? > > I expected that too... Weird. Anyhoo, Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~
On 2/28/24 09:29, Richard Henderson wrote: > On 2/28/24 02:20, Paolo Bonzini wrote: >> On Wed, Feb 28, 2024 at 12:19 PM Philippe Mathieu-Daudé >> <philmd@linaro.org> wrote: >>> >>> On 28/2/24 12:06, Paolo Bonzini wrote: >>>> The variables uext_opc and sext_opc are used without initialization if >>>> TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending >>>> on the compiler, might be the generation of extract and sextract opcodes >>> >>> Shouldn't compilers bark? >> >> I expected that too... > > Weird. Anyhoo, > > Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Queued, thanks. r~
diff --git a/tcg/optimize.c b/tcg/optimize.c index 79e701652bf..752cc5c56b6 100644 --- a/tcg/optimize.c +++ b/tcg/optimize.c @@ -2102,7 +2102,8 @@ static bool fold_remainder(OptContext *ctx, TCGOp *op) static void fold_setcond_tst_pow2(OptContext *ctx, TCGOp *op, bool neg) { - TCGOpcode and_opc, sub_opc, xor_opc, neg_opc, shr_opc, uext_opc, sext_opc; + TCGOpcode and_opc, sub_opc, xor_opc, neg_opc, shr_opc; + TCGOpcode uext_opc = 0, sext_opc = 0; TCGCond cond = op->args[3]; TCGArg ret, src1, src2; TCGOp *op2;
The variables uext_opc and sext_opc are used without initialization if TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending on the compiler, might be the generation of extract and sextract opcodes with invalid offset and count, or just random data in the TCG opcode stream. Fixes: ceb9ee06b71 ("tcg/optimize: Handle TCG_COND_TST{EQ,NE}", 2024-02-03) Cc: Richard Henderson <pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- tcg/optimize.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)