qemu-devel.nongnu.org archive mirror
From: Blue Swirl <blauwirbel@gmail.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	qemu-devel@nongnu.org, patches@linaro.org
Subject: Re: [Qemu-devel] [PATCH] hw/scsi-bus.c: Fix use of uninitialised variable
Date: Fri, 12 Aug 2011 19:22:48 +0000
Message-ID: <CAAu8pHvs-CyxkhzCaq4JNdTrMSYsLS_ZMu4ztEyN5uyd_Tw6Eg@mail.gmail.com>
In-Reply-To: <1313167776-27926-1-git-send-email-peter.maydell@linaro.org>

On Fri, Aug 12, 2011 at 4:49 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Don't use req before it has been initialised in scsi_req_new().
> This fixes a compile failure due to gcc complaining about this.

It fixes a crash if the warning is ignored:
Configuration device id QEMU version 1 machine id 32

Program received signal SIGSEGV, Segmentation fault.
scsi_req_new (d=0x15e46b0, tag=0x0, lun=0x0, buf=0x7fffffffde41 "\022",
    hba_private=<value optimized out>) at /src/qemu/hw/scsi-bus.c:375
375             if (req->cmd.lba != -1) {
(gdb) bt
#0  scsi_req_new (d=0x15e46b0, tag=0x0, lun=0x0, buf=0x7fffffffde41 "\022",
    hba_private=<value optimized out>) at /src/qemu/hw/scsi-bus.c:375
#1  0x000000000052c6ef in do_busid_cmd (s=0x15e2790, buf=0x0,
    busid=<value optimized out>) at /src/qemu/hw/esp.c:247
#2  0x000000000052cc5d in do_cmd (s=0x15e2790) at /src/qemu/hw/esp.c:270
#3  handle_satn (s=0x15e2790) at /src/qemu/hw/esp.c:284
#4  0x000000000052d174 in esp_mem_writeb (opaque=0x15e2790,
    addr=<value optimized out>, val=0xc2) at /src/qemu/hw/esp.c:640
#5  0x000000004003d1f5 in ?? ()
#6  0x0000000001632330 in ?? ()
#7  0x0000000001632280 in ?? ()
#8  0x00007fffffffe180 in ?? ()
#9  0x3d3d87e90d932400 in ?? ()
#10 0x00007ffff7eefd00 in ?? ()
#11 0x00000000004dc558 in tb_reset_jump_recursive2 (tb=0xffee100c)
    at /src/qemu/exec.c:1389
#12 tb_reset_jump_recursive (tb=0xffee100c) at /src/qemu/exec.c:1395
#13 0x000000000040bdea in qemu_notify_event () at /src/qemu/cpus.c:616
#14 <signal handler called>
#15 0x00000000004de681 in cpu_sparc_exec (env=0x1059600)
    at /src/qemu/cpu-exec.c:528
#16 0x000000000040c1fc in tcg_cpu_exec () at /src/qemu/cpus.c:1064
#17 cpu_exec_all () at /src/qemu/cpus.c:1105
#18 0x0000000000519497 in main_loop (argc=<value optimized out>,
    argv=<value optimized out>, envp=<value optimized out>)
    at /src/qemu/vl.c:1392
#19 main (argc=<value optimized out>, argv=<value optimized out>,
    envp=<value optimized out>) at /src/qemu/vl.c:3356
(gdb) p req
$1 = <value optimized out>
(gdb) p req->cmd
Cannot access memory at address 0x28
(gdb) p req->cmd.lba
Cannot access memory at address 0x48

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/scsi-bus.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
> index f2af6cd..559d5a4 100644
> --- a/hw/scsi-bus.c
> +++ b/hw/scsi-bus.c
> @@ -372,7 +372,7 @@ SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
>     } else {
>         trace_scsi_req_parsed(d->id, lun, tag, buf[0],
>                               cmd.mode, cmd.xfer);
> -        if (req->cmd.lba != -1) {
> +        if (cmd.lba != -1) {
>             trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0],
>                                       cmd.lba);
>         }
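Review bot: The commit message only describes a compiler complaint, but the backtrace in this reply reaches scsi_req_new() from esp_mem_writeb(), i.e. from a guest-initiated MMIO write via handle_satn()/do_cmd()/do_busid_cmd(), so the uninitialised read of `req` is a guest-triggerable host crash; the message should say so (and the patch deserves a stable backport on that basis) rather than reading as warning cleanup. The change itself is consistent with its context: the trace_scsi_req_parsed() call just above already reads `cmd.mode` and `cmd.xfer`, so `cmd.lba` is the parsed value this branch meant, and nothing in the hunk assigns `req` before this line.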
> --
> 1.7.1
>
>
>
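The ordering the patch restores, shown as an added example that is neither QEMU's code nor anything from this thread: a hypothetical model of scsi_req_new() in which the CDB is parsed into a local `cmd`, the LBA decision is made from that local, and `req` is only dereferenced once it has been allocated. The gdb trace above shows buf = "\022", i.e. buf[0] == 0x12 (INQUIRY), which is a command without an LBA, so the `cmd.lba != -1` branch is exactly the one this model exercises. All type and function names are stand-ins, only INQUIRY and READ/WRITE(10) are decoded, and the sample CDBs are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not QEMU code: simplified model of scsi_req_new(). The
 * names are hypothetical stand-ins for the real types and functions. */

#define NO_LBA ((int64_t)-1)

typedef struct {
    uint8_t  opcode;
    int64_t  lba;    /* NO_LBA when the command does not address a block */
    uint32_t xfer;   /* transfer length: blocks for READ/WRITE, bytes for INQUIRY */
} SCSICommand;

typedef struct {
    uint32_t    tag;
    uint32_t    lun;
    SCSICommand cmd;
} SCSIRequest;

/* CDB length from the opcode's group code (bits 7..5); only the 6- and
 * 10-byte groups are modelled. */
static int cdb_len_for_opcode(uint8_t opcode)
{
    switch (opcode >> 5) {
    case 0:  return 6;
    case 1:
    case 2:  return 10;
    default: return -1;
    }
}

/* Parse a CDB into a caller-owned SCSICommand. Returns 0 on success, -1 on a
 * truncated or unsupported CDB, so the caller never sees a half-filled struct. */
int scsi_parse_cdb(SCSICommand *cmd, const uint8_t *buf, size_t buf_len)
{
    int len;

    if (buf_len == 0) {
        return -1;
    }
    len = cdb_len_for_opcode(buf[0]);
    if (len < 0 || (size_t)len > buf_len) {
        return -1;
    }
    memset(cmd, 0, sizeof(*cmd));
    cmd->opcode = buf[0];
    cmd->lba    = NO_LBA;

    switch (buf[0]) {
    case 0x12: /* INQUIRY: no LBA; allocation length in byte 4 */
        cmd->xfer = buf[4];
        return 0;
    case 0x28: /* READ(10) */
    case 0x2a: /* WRITE(10): 32-bit LBA in bytes 2..5, 16-bit length in bytes 7..8 */
        cmd->lba  = ((int64_t)buf[2] << 24) | ((int64_t)buf[3] << 16) | (buf[4] << 8) | buf[5];
        cmd->xfer = (buf[7] << 8) | buf[8];
        return 0;
    default:
        return -1;
    }
}

/* Correct ordering, as in the patched function: anything decided before the
 * request exists reads the local 'cmd'; 'req' is touched only after allocation.
 * Returns NULL on a bad CDB; *has_lba reports whether a block address was given. */
SCSIRequest *scsi_req_new_model(uint32_t tag, uint32_t lun,
                                const uint8_t *buf, size_t buf_len, int *has_lba)
{
    SCSICommand cmd;
    SCSIRequest *req;

    if (scsi_parse_cdb(&cmd, buf, buf_len) != 0) {
        return NULL;
    }
    /* The unpatched code did the equivalent of 'if (req->cmd.lba != -1)'
     * here, with 'req' still unassigned. */
    *has_lba = (cmd.lba != NO_LBA);

    req = calloc(1, sizeof(*req));
    if (req == NULL) {
        return NULL;
    }
    req->tag = tag;
    req->lun = lun;
    req->cmd = cmd;   /* the request now owns a copy of the parsed command */
    return req;
}

/* Constructed sample CDBs (not from the page, which only shows buf[0] == 0x12). */
static const uint8_t SAMPLE_INQUIRY[6] = {0x12, 0x00, 0x00, 0x00, 0x24, 0x00};
static const uint8_t SAMPLE_READ10[10] = {0x28, 0x00, 0x00, 0x01, 0x02, 0x03, 0x00, 0x00, 0x08, 0x00};
static const uint8_t SAMPLE_BOGUS[6]   = {0xff, 0x00, 0x00, 0x00, 0x00, 0x00};

/* 1 if the built request carried an LBA, 0 if not, -1 if the CDB was rejected. */
int new_req_has_lba(const uint8_t *buf, size_t buf_len)
{
    int has_lba = 0;
    SCSIRequest *req = scsi_req_new_model(1, 0, buf, buf_len, &has_lba);

    if (req == NULL) {
        return -1;
    }
    free(req);
    return has_lba;
}

/* Parsed LBA, NO_LBA for commands without one, -2 if the CDB was rejected. */
int64_t parsed_lba(const uint8_t *buf, size_t buf_len)
{
    SCSICommand cmd;

    return scsi_parse_cdb(&cmd, buf, buf_len) == 0 ? cmd.lba : -2;
}

int main(void)
{
    printf("INQUIRY carries LBA: %d\n", new_req_has_lba(SAMPLE_INQUIRY, sizeof SAMPLE_INQUIRY));
    printf("READ(10) LBA: 0x%llx\n", (unsigned long long)parsed_lba(SAMPLE_READ10, sizeof SAMPLE_READ10));
    printf("bogus opcode: %d\n", new_req_has_lba(SAMPLE_BOGUS, sizeof SAMPLE_BOGUS));
    return 0;
}
```

The cheap check is the one the commit message mentions: build with gcc's uninitialised-variable warnings enabled and treat them as errors, since the backtrace shows this path is reached from esp_mem_writeb(), i.e. from guest-controlled MMIO, where an uninitialised pointer read is a guest-triggerable host crash rather than a cosmetic warning.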


Thread overview: 6+ messages
2011-08-12 16:49 [Qemu-devel] [PATCH] hw/scsi-bus.c: Fix use of uninitialised variable Peter Maydell
2011-08-12 19:22 ` Blue Swirl [this message]
2011-08-13 17:29   ` Blue Swirl
2011-08-14 17:32     ` Paolo Bonzini
2011-08-14 18:03 ` Paolo Bonzini
2011-08-14 20:00 ` Blue Swirl