From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:44219)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <blauwirbel@gmail.com>) id 1QrxK2-00057x-Qf
	for qemu-devel@nongnu.org; Fri, 12 Aug 2011 15:23:11 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <blauwirbel@gmail.com>) id 1QrxK1-0000rH-Cu
	for qemu-devel@nongnu.org; Fri, 12 Aug 2011 15:23:10 -0400
Received: from mail-qy0-f173.google.com ([209.85.216.173]:54343)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <blauwirbel@gmail.com>) id 1QrxK1-0000rB-9g
	for qemu-devel@nongnu.org; Fri, 12 Aug 2011 15:23:09 -0400
Received: by qyk31 with SMTP id 31so545354qyk.4
	for <qemu-devel@nongnu.org>; Fri, 12 Aug 2011 12:23:08 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <1313167776-27926-1-git-send-email-peter.maydell@linaro.org>
References: <1313167776-27926-1-git-send-email-peter.maydell@linaro.org>
From: Blue Swirl <blauwirbel@gmail.com>
Date: Fri, 12 Aug 2011 19:22:48 +0000
Message-ID: <CAAu8pHvs-CyxkhzCaq4JNdTrMSYsLS_ZMu4ztEyN5uyd_Tw6Eg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH] hw/scsi-bus.c: Fix use of uninitialised
	variable
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>, qemu-devel@nongnu.org, patches@linaro.org

On Fri, Aug 12, 2011 at 4:49 PM, Peter Maydell <peter.maydell@linaro.org> w=
rote:
> Don't use req before it has been initialised in scsi_req_new().
> This fixes a compile failure due to gcc complaining about this.

It fixes a crash if the warning is ignored:
Configuration device id QEMU version 1 machine id 32

Program received signal SIGSEGV, Segmentation fault.
scsi_req_new (d=3D0x15e46b0, tag=3D0x0, lun=3D0x0, buf=3D0x7fffffffde41 "\0=
22",
    hba_private=3D<value optimized out>) at /src/qemu/hw/scsi-bus.c:375
375             if (req->cmd.lba !=3D -1) {
(gdb) bt
#0  scsi_req_new (d=3D0x15e46b0, tag=3D0x0, lun=3D0x0, buf=3D0x7fffffffde41=
 "\022",
    hba_private=3D<value optimized out>) at /src/qemu/hw/scsi-bus.c:375
#1  0x000000000052c6ef in do_busid_cmd (s=3D0x15e2790, buf=3D0x0,
    busid=3D<value optimized out>) at /src/qemu/hw/esp.c:247
#2  0x000000000052cc5d in do_cmd (s=3D0x15e2790) at /src/qemu/hw/esp.c:270
#3  handle_satn (s=3D0x15e2790) at /src/qemu/hw/esp.c:284
#4  0x000000000052d174 in esp_mem_writeb (opaque=3D0x15e2790,
    addr=3D<value optimized out>, val=3D0xc2) at /src/qemu/hw/esp.c:640
#5  0x000000004003d1f5 in ?? ()
#6  0x0000000001632330 in ?? ()
#7  0x0000000001632280 in ?? ()
#8  0x00007fffffffe180 in ?? ()
#9  0x3d3d87e90d932400 in ?? ()
#10 0x00007ffff7eefd00 in ?? ()
#11 0x00000000004dc558 in tb_reset_jump_recursive2 (tb=3D0xffee100c)
    at /src/qemu/exec.c:1389
#12 tb_reset_jump_recursive (tb=3D0xffee100c) at /src/qemu/exec.c:1395
#13 0x000000000040bdea in qemu_notify_event () at /src/qemu/cpus.c:616
#14 <signal handler called>
#15 0x00000000004de681 in cpu_sparc_exec (env=3D0x1059600)
    at /src/qemu/cpu-exec.c:528
#16 0x000000000040c1fc in tcg_cpu_exec () at /src/qemu/cpus.c:1064
#17 cpu_exec_all () at /src/qemu/cpus.c:1105
#18 0x0000000000519497 in main_loop (argc=3D<value optimized out>,
    argv=3D<value optimized out>, envp=3D<value optimized out>)
    at /src/qemu/vl.c:1392
#19 main (argc=3D<value optimized out>, argv=3D<value optimized out>,
    envp=3D<value optimized out>) at /src/qemu/vl.c:3356
(gdb) p req
$1 =3D <value optimized out>
(gdb) p req->cmd
Cannot access memory at address 0x28
(gdb) p req->cmd.lba
Cannot access memory at address 0x48

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> =C2=A0hw/scsi-bus.c | =C2=A0 =C2=A02 +-
> =C2=A01 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
> index f2af6cd..559d5a4 100644
> --- a/hw/scsi-bus.c
> +++ b/hw/scsi-bus.c
> @@ -372,7 +372,7 @@ SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag=
, uint32_t lun,
> =C2=A0 =C2=A0 } else {
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 trace_scsi_req_parsed(d->id, lun, tag, buf[0]=
,
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 cmd.mode, cmd.xfer);
> - =C2=A0 =C2=A0 =C2=A0 =C2=A0if (req->cmd.lba !=3D -1) {
> + =C2=A0 =C2=A0 =C2=A0 =C2=A0if (cmd.lba !=3D -1) {
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 trace_scsi_req_parsed_lba(d->id=
, lun, tag, buf[0],
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 cmd.lba);
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 }
> --
> 1.7.1
>
>
>