The variables uext_opc and sext_opc are used without initialization if
TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending
on the compiler, might be the generation of extract and sextract opcodes
with invalid offset and count, or just random data in the TCG opcode
stream.
Fixes: ceb9ee06b71 ("tcg/optimize: Handle TCG_COND_TST{EQ,NE}", 2024-02-03)
Cc: Richard Henderson <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
tcg/optimize.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tcg/optimize.c b/tcg/optimize.c
index 79e701652bf..752cc5c56b6 100644
--- a/tcg/optimize.c
+++ b/tcg/optimize.c
@@ -2102,7 +2102,8 @@ static bool fold_remainder(OptContext *ctx, TCGOp *op)
static void fold_setcond_tst_pow2(OptContext *ctx, TCGOp *op, bool neg)
{
- TCGOpcode and_opc, sub_opc, xor_opc, neg_opc, shr_opc, uext_opc, sext_opc;
+ TCGOpcode and_opc, sub_opc, xor_opc, neg_opc, shr_opc;
+ TCGOpcode uext_opc = 0, sext_opc = 0;
TCGCond cond = op->args[3];
TCGArg ret, src1, src2;
TCGOp *op2;
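Review bot: the zero default is only safe if every later use of uext_opc and sext_opc is guarded by a test against 0; the hunk shows only the declarations, so the false path of TCG_TARGET_extract_i{32,64}_valid should be checked at the use sites to confirm that opcode 0 is never emitted into the opcode stream. Since 0 is a valid TCGOpcode value rather than an obviously invalid one, a short comment at `TCGOpcode uext_opc = 0, sext_opc = 0;` stating that 0 means "no extract opcode available for this target" would make the intent explicit for the next reader.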
--
2.43.2
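The failure mode the commit message describes (an opcode variable that is only assigned when the target's validity predicate succeeds, and then read unconditionally) is easiest to see in a reduced model. The following is an added example, not QEMU code and not part of the patch: the enum, the OpStream type, target_extract_valid, pick_extract_opcs and the emit/lower helpers are all hypothetical stand-ins for the real TCG optimizer API, and the "only byte-aligned 8- or 16-bit fields are valid" rule is a constructed one. It shows the fixed pattern: both opcode variables start at a named sentinel, the emitter refuses to push the sentinel into the stream, and the caller falls back to a shift-and-mask sequence when no extract opcode is available.

```c
/* Added illustration of the initialize-to-sentinel pattern; not QEMU code.
 * All names below are hypothetical and do not match tcg/optimize.c. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef enum {
    OPC_NONE = 0,       /* sentinel: "no opcode"; must never be emitted */
    OPC_AND,
    OPC_SHR,
    OPC_EXTRACT32,
    OPC_SEXTRACT32,
    OPC_EXTRACT64,
    OPC_SEXTRACT64,
} Opcode;

typedef struct { Opcode opc; unsigned ofs; unsigned len; } Op;
typedef struct { Op ops[8]; size_t n; } OpStream;

/* Stand-in for TCG_TARGET_extract_i{32,64}_valid: the backend decides
 * whether an extract of (ofs, len) is representable. Constructed rule:
 * only byte-aligned fields of 8 or 16 bits are "valid". */
static bool target_extract_valid(unsigned bits, unsigned ofs, unsigned len)
{
    (void)bits;
    return (ofs % 8 == 0) && (len == 8 || len == 16);
}

/* Fixed pattern: both outputs start at the sentinel, so a false result from
 * the validity check leaves them in a known state instead of indeterminate. */
static void pick_extract_opcs(unsigned bits, unsigned ofs, unsigned len,
                              Opcode *uext, Opcode *sext)
{
    *uext = OPC_NONE;
    *sext = OPC_NONE;
    if (target_extract_valid(bits, ofs, len)) {
        *uext = (bits == 32) ? OPC_EXTRACT32 : OPC_EXTRACT64;
        *sext = (bits == 32) ? OPC_SEXTRACT32 : OPC_SEXTRACT64;
    }
}

/* Append an op; refuse the sentinel and refuse to overflow the stream. */
static bool emit(OpStream *s, Opcode opc, unsigned ofs, unsigned len)
{
    if (opc == OPC_NONE || s->n >= sizeof s->ops / sizeof s->ops[0]) {
        return false;
    }
    s->ops[s->n++] = (Op){ opc, ofs, len };
    return true;
}

/* Lower "take bit field (ofs, len) of a bits-wide value": one extract opcode
 * when the backend supports it, otherwise shr + and. Returns ops emitted. */
static size_t lower_test_field(OpStream *s, unsigned bits, unsigned ofs,
                               unsigned len, bool want_signed)
{
    Opcode uext, sext;
    pick_extract_opcs(bits, ofs, len, &uext, &sext);
    Opcode opc = want_signed ? sext : uext;
    if (emit(s, opc, ofs, len)) {
        return 1;
    }
    emit(s, OPC_SHR, ofs, 0);
    emit(s, OPC_AND, 0, len);
    return 2;
}

/* Helpers that lower into a fresh stream and report what came out. */
static size_t lower_count(unsigned bits, unsigned ofs, unsigned len, bool sgn)
{
    OpStream s = { .n = 0 };
    return lower_test_field(&s, bits, ofs, len, sgn);
}

static Opcode lower_first_opc(unsigned bits, unsigned ofs, unsigned len, bool sgn)
{
    OpStream s = { .n = 0 };
    lower_test_field(&s, bits, ofs, len, sgn);
    return s.ops[0].opc;
}

int main(void)
{
    printf("32-bit field (8,8):  %zu op(s), first opc %d\n",
           lower_count(32, 8, 8, false), (int)lower_first_opc(32, 8, 8, false));
    printf("64-bit field (3,5):  %zu op(s), first opc %d\n",
           lower_count(64, 3, 5, true), (int)lower_first_opc(64, 3, 5, true));
    return 0;
}
```

The sentinel has to be a value the emitter rejects; with the original uninitialized declarations, the "invalid" path reads whatever happened to be in the stack slot, which is the "random data in the TCG opcode stream" outcome the commit message describes, and a non-zero garbage value would pass straight through an emitter like this one.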
On 28/2/24 12:06, Paolo Bonzini wrote:
> The variables uext_opc and sext_opc are used without initialization if
> TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending
> on the compiler, might be the generation of extract and sextract opcodes

Shouldn't compilers bark?

> with invalid offset and count, or just random data in the TCG opcode
> stream.
>
> Fixes: ceb9ee06b71 ("tcg/optimize: Handle TCG_COND_TST{EQ,NE}", 2024-02-03)
> Cc: Richard Henderson <pbonzini@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> tcg/optimize.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

On Wed, Feb 28, 2024 at 12:19 PM Philippe Mathieu-Daudé <philmd@linaro.org> wrote:
>
> On 28/2/24 12:06, Paolo Bonzini wrote:
> > The variables uext_opc and sext_opc are used without initialization if
> > TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending
> > on the compiler, might be the generation of extract and sextract opcodes
>
> Shouldn't compilers bark?

I expected that too...

Paolo

> > with invalid offset and count, or just random data in the TCG opcode
> > stream.
> >
> > Fixes: ceb9ee06b71 ("tcg/optimize: Handle TCG_COND_TST{EQ,NE}", 2024-02-03)
> > Cc: Richard Henderson <pbonzini@redhat.com>
> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> > ---
> > tcg/optimize.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
>
> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>

On 2/28/24 02:20, Paolo Bonzini wrote:
> On Wed, Feb 28, 2024 at 12:19 PM Philippe Mathieu-Daudé
> <philmd@linaro.org> wrote:
>>
>> On 28/2/24 12:06, Paolo Bonzini wrote:
>>> The variables uext_opc and sext_opc are used without initialization if
>>> TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending
>>> on the compiler, might be the generation of extract and sextract opcodes
>>
>> Shouldn't compilers bark?
>
> I expected that too...

Weird. Anyhoo,

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

On 2/28/24 09:29, Richard Henderson wrote:
> On 2/28/24 02:20, Paolo Bonzini wrote:
>> On Wed, Feb 28, 2024 at 12:19 PM Philippe Mathieu-Daudé
>> <philmd@linaro.org> wrote:
>>>
>>> On 28/2/24 12:06, Paolo Bonzini wrote:
>>>> The variables uext_opc and sext_opc are used without initialization if
>>>> TCG_TARGET_extract_i{32,64}_valid returns false. The result, depending
>>>> on the compiler, might be the generation of extract and sextract opcodes
>>>
>>> Shouldn't compilers bark?
>>
>> I expected that too...
>
> Weird. Anyhoo,
>
> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

Queued, thanks.

r~