Patchwork hw/scsi-bus.c: Fix use of uninitialised variable

Submitter Peter Maydell
Date Aug. 12, 2011, 4:49 p.m.
Message ID <1313167776-27926-1-git-send-email-peter.maydell@linaro.org>
Permalink /patch/109876/
State New

Comments

Peter Maydell - Aug. 12, 2011, 4:49 p.m.
Don't use req before it has been initialised in scsi_req_new().
This fixes a compile failure due to gcc complaining about this.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/scsi-bus.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
Blue Swirl - Aug. 12, 2011, 7:22 p.m.
On Fri, Aug 12, 2011 at 4:49 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Don't use req before it has been initialised in scsi_req_new().
> This fixes a compile failure due to gcc complaining about this.

It fixes a crash if the warning is ignored:
Configuration device id QEMU version 1 machine id 32

Program received signal SIGSEGV, Segmentation fault.
scsi_req_new (d=0x15e46b0, tag=0x0, lun=0x0, buf=0x7fffffffde41 "\022",
    hba_private=<value optimized out>) at /src/qemu/hw/scsi-bus.c:375
375             if (req->cmd.lba != -1) {
(gdb) bt
#0  scsi_req_new (d=0x15e46b0, tag=0x0, lun=0x0, buf=0x7fffffffde41 "\022",
    hba_private=<value optimized out>) at /src/qemu/hw/scsi-bus.c:375
#1  0x000000000052c6ef in do_busid_cmd (s=0x15e2790, buf=0x0,
    busid=<value optimized out>) at /src/qemu/hw/esp.c:247
#2  0x000000000052cc5d in do_cmd (s=0x15e2790) at /src/qemu/hw/esp.c:270
#3  handle_satn (s=0x15e2790) at /src/qemu/hw/esp.c:284
#4  0x000000000052d174 in esp_mem_writeb (opaque=0x15e2790,
    addr=<value optimized out>, val=0xc2) at /src/qemu/hw/esp.c:640
#5  0x000000004003d1f5 in ?? ()
#6  0x0000000001632330 in ?? ()
#7  0x0000000001632280 in ?? ()
#8  0x00007fffffffe180 in ?? ()
#9  0x3d3d87e90d932400 in ?? ()
#10 0x00007ffff7eefd00 in ?? ()
#11 0x00000000004dc558 in tb_reset_jump_recursive2 (tb=0xffee100c)
    at /src/qemu/exec.c:1389
#12 tb_reset_jump_recursive (tb=0xffee100c) at /src/qemu/exec.c:1395
#13 0x000000000040bdea in qemu_notify_event () at /src/qemu/cpus.c:616
#14 <signal handler called>
#15 0x00000000004de681 in cpu_sparc_exec (env=0x1059600)
    at /src/qemu/cpu-exec.c:528
#16 0x000000000040c1fc in tcg_cpu_exec () at /src/qemu/cpus.c:1064
#17 cpu_exec_all () at /src/qemu/cpus.c:1105
#18 0x0000000000519497 in main_loop (argc=<value optimized out>,
    argv=<value optimized out>, envp=<value optimized out>)
    at /src/qemu/vl.c:1392
#19 main (argc=<value optimized out>, argv=<value optimized out>,
    envp=<value optimized out>) at /src/qemu/vl.c:3356
(gdb) p req
$1 = <value optimized out>
(gdb) p req->cmd
Cannot access memory at address 0x28
(gdb) p req->cmd.lba
Cannot access memory at address 0x48

> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/scsi-bus.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
> index f2af6cd..559d5a4 100644
> --- a/hw/scsi-bus.c
> +++ b/hw/scsi-bus.c
> @@ -372,7 +372,7 @@ SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
>     } else {
>         trace_scsi_req_parsed(d->id, lun, tag, buf[0],
>                               cmd.mode, cmd.xfer);
> -        if (req->cmd.lba != -1) {
> +        if (cmd.lba != -1) {
>             trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0],
>                                       cmd.lba);
>         }
> --
> 1.7.1
>
>
>
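As an added illustration of the ordering the fixed hunk restores (parse the CDB into a local `cmd`, decide on `cmd.lba`, and only then allocate and fill `req`), here is a small constructed model. It is not QEMU's code and not from any poster in this thread: the `SCSICommand`/`SCSIRequest` structs, `parse_cdb()` and `scsi_req_new_model()` are assumptions made for this example. The CDB layouts it decodes (INQUIRY 0x12 with no LBA, READ(6) 0x08 with a 21-bit LBA in bytes 1..3, READ(10) 0x28 with a 32-bit LBA in bytes 2..5) follow the SCSI command set; the INQUIRY opcode is the `"\022"` (0x12) visible in the backtrace above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of scsi_req_new()'s ordering; not QEMU's structs. */
typedef struct {
    uint8_t  opcode;
    int64_t  lba;    /* -1 when the command carries no logical block address */
    uint32_t xfer;   /* transfer/allocation length taken from the CDB */
} SCSICommand;

typedef struct {
    uint32_t    tag;
    uint32_t    lun;
    SCSICommand cmd;
} SCSIRequest;

/* Decode a CDB into a local SCSICommand. Returns 0 on success, -1 if the
 * CDB is too short or the opcode is not one this model understands. */
static int parse_cdb(const uint8_t *buf, size_t len, SCSICommand *cmd)
{
    memset(cmd, 0, sizeof *cmd);
    cmd->lba = -1;
    if (len < 6) {
        return -1;
    }
    cmd->opcode = buf[0];
    switch (buf[0]) {
    case 0x12: /* INQUIRY: no LBA, allocation length in byte 4 */
        cmd->xfer = buf[4];
        return 0;
    case 0x08: /* READ(6): 21-bit LBA in bytes 1..3, length in byte 4 (0 means 256) */
        cmd->lba  = ((int64_t)(buf[1] & 0x1f) << 16) | (buf[2] << 8) | buf[3];
        cmd->xfer = buf[4] ? buf[4] : 256;
        return 0;
    case 0x28: /* READ(10): 32-bit LBA in bytes 2..5, length in bytes 7..8 */
        if (len < 10) {
            return -1;
        }
        cmd->lba  = ((int64_t)buf[2] << 24) | ((int64_t)buf[3] << 16)
                  | (buf[4] << 8) | buf[5];
        cmd->xfer = (buf[7] << 8) | buf[8];
        return 0;
    default:
        return -1;
    }
}

/* Correct ordering, mirroring the fixed hunk: the LBA decision is made on the
 * local cmd, and req is only dereferenced after it has been allocated.
 * *traced_lba records whether the "parsed_lba" branch was taken. */
SCSIRequest *scsi_req_new_model(uint32_t tag, uint32_t lun,
                                const uint8_t *buf, size_t len, int *traced_lba)
{
    SCSICommand cmd;
    SCSIRequest *req;

    *traced_lba = 0;
    if (parse_cdb(buf, len, &cmd) < 0) {
        return NULL;
    }
    /* Before the fix this line read req->cmd.lba while req was still
     * uninitialised; the local cmd is the only valid source here. */
    if (cmd.lba != -1) {
        *traced_lba = 1;
    }
    req = calloc(1, sizeof *req);
    if (!req) {
        return NULL;
    }
    req->tag = tag;
    req->lun = lun;
    req->cmd = cmd;
    return req;
}

int main(void)
{
    /* Constructed sample CDBs: the INQUIRY seen in the backtrace, and a READ(10). */
    static const uint8_t inquiry[6] = { 0x12, 0, 0, 0, 36, 0 };
    static const uint8_t read10[10] = { 0x28, 0, 0x00, 0x00, 0x10, 0x00, 0, 0x00, 0x08, 0 };
    int traced;
    SCSIRequest *req;

    req = scsi_req_new_model(0, 0, inquiry, sizeof inquiry, &traced);
    printf("INQUIRY: opcode=0x%02x lba=%lld traced=%d\n",
           req->cmd.opcode, (long long)req->cmd.lba, traced);
    free(req);

    req = scsi_req_new_model(1, 0, read10, sizeof read10, &traced);
    printf("READ(10): lba=%lld xfer=%u traced=%d\n",
           (long long)req->cmd.lba, req->cmd.xfer, traced);
    free(req);
    return 0;
}
```

The point of the model is the order of operations, not the parser: anything that needs the parsed command before the request object exists must read the local `cmd`. Compiling with `-Wall -Werror=uninitialized` (or plain `-Werror`) turns the warning gcc emitted on the original line into a build failure instead of something that can be ignored until a guest triggers the crash.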
Paolo Bonzini - Aug. 14, 2011, 6:03 p.m.
On 08/12/2011 06:49 PM, Peter Maydell wrote:
> Don't use req before it has been initialised in scsi_req_new().
> This fixes a compile failure due to gcc complaining about this.
>
> Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
> ---
>   hw/scsi-bus.c |    2 +-
>   1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
> index f2af6cd..559d5a4 100644
> --- a/hw/scsi-bus.c
> +++ b/hw/scsi-bus.c
> @@ -372,7 +372,7 @@ SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
>       } else {
>           trace_scsi_req_parsed(d->id, lun, tag, buf[0],
>                                 cmd.mode, cmd.xfer);
> -        if (req->cmd.lba != -1) {
> +        if (cmd.lba != -1) {
>               trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0],
>                                         cmd.lba);
>           }

Acked-by: Paolo Bonzini <pbonzini@redhat.com>

Paolo
Blue Swirl - Aug. 14, 2011, 8 p.m.
Thanks, applied.

On Fri, Aug 12, 2011 at 4:49 PM, Peter Maydell <peter.maydell@linaro.org> wrote:
> Don't use req before it has been initialised in scsi_req_new().
> This fixes a compile failure due to gcc complaining about this.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/scsi-bus.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
> index f2af6cd..559d5a4 100644
> --- a/hw/scsi-bus.c
> +++ b/hw/scsi-bus.c
> @@ -372,7 +372,7 @@ SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
>     } else {
>         trace_scsi_req_parsed(d->id, lun, tag, buf[0],
>                               cmd.mode, cmd.xfer);
> -        if (req->cmd.lba != -1) {
> +        if (cmd.lba != -1) {
>             trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0],
>                                       cmd.lba);
>         }
> --
> 1.7.1
>
>
>

Patch

diff --git a/hw/scsi-bus.c b/hw/scsi-bus.c
index f2af6cd..559d5a4 100644
--- a/hw/scsi-bus.c
+++ b/hw/scsi-bus.c
@@ -372,7 +372,7 @@  SCSIRequest *scsi_req_new(SCSIDevice *d, uint32_t tag, uint32_t lun,
     } else {
         trace_scsi_req_parsed(d->id, lun, tag, buf[0],
                               cmd.mode, cmd.xfer);
-        if (req->cmd.lba != -1) {
+        if (cmd.lba != -1) {
             trace_scsi_req_parsed_lba(d->id, lun, tag, buf[0],
                                       cmd.lba);
         }
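Review bot: the commit message undersells this hunk. The `-` line dereferences `req` before it has been assigned, and the gdb session in the thread shows that when the warning is ignored this is a runtime crash reachable from a guest register write (`esp_mem_writeb` -> `handle_satn` -> `do_cmd` -> `do_busid_cmd` -> `scsi_req_new`), with `p req->cmd` and `p req->cmd.lba` failing at `0x28` and `0x48`, consistent with `req` being read as a null pointer; it would be worth saying in the commit message that this fixes a guest-triggerable SIGSEGV in the ESP SCSI path, not only a build failure. The `+` line `if (cmd.lba != -1) {` is the right fix, since the surrounding `trace_scsi_req_parsed(d->id, lun, tag, buf[0], cmd.mode, cmd.xfer);` and `trace_scsi_req_parsed_lba(..., cmd.lba);` already read the local `cmd` and `req` is no longer referenced anywhere in this branch. Since the only thing that caught this was a gcc warning, consider building with `-Werror` (or at least `-Werror=uninitialized`) so the same class of mistake fails the build instead of shipping.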