From nobody Sat Nov 15 14:49:52 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=reject dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1750243013; cv=none; d=zohomail.com; s=zohoarc; b=RYuJMvEZuMvYd9CFVSeXe/wVr3PIJMnIDM6n1QqmbTaw/BX77nGtOEvWUaof3Xpkjs5scObutqHtNsd+aXfYffDibwWLOl4aPtg5ZCdA4pUNlY/Ho4Pop7RdYGXyUrlruMWXH5wxB6Vr9s4MqBdqgJEOroZOS8IXXjvNGBzvElM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1750243013; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=R3rDYszvxlWiTBfnSijGvFEIf2FE2S3DA8otQMWJp6w=; b=Y8WJvgokxJXTnFP46eQPc9KmeuN41Gm0JAi/Dfpvo0Rx/ncN6sUmKuUJQeb0iqLeU2uBTRUA8ZeDJRDnLZgsxJvMo4xf5khm7/7yKDUvtE1qf+Blz79GGZa57cjrsg6X+0vs7IH0j8jIQ4wtvZ7H0ULSXh1IBFurSL/18N5wy5s= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175024301307439.38995568806547; Wed, 18 Jun 2025 03:36:53 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uRq9H-0005GG-IN; Wed, 18 Jun 2025 06:36:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uRq9G-0005G6-CL for qemu-devel@nongnu.org; Wed, 18 Jun 2025 06:36:06 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uRq9E-0001JM-KX for qemu-devel@nongnu.org; Wed, 18 Jun 2025 06:36:06 -0400 Received: from pps.filterd (m0353725.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55I95BPF004256; Wed, 18 Jun 2025 10:36:01 GMT Received: from ppma11.dal12v.mail.ibm.com (db.9e.1632.ip4.static.sl-reverse.com [50.22.158.219]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 478ygndy01-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Jun 2025 10:36:01 +0000 (GMT) Received: from pps.filterd (ppma11.dal12v.mail.ibm.com [127.0.0.1]) by ppma11.dal12v.mail.ibm.com (8.18.1.2/8.18.1.2) with ESMTP id 55I9THw1014278; Wed, 18 Jun 2025 10:36:00 GMT Received: from smtprelay05.fra02v.mail.ibm.com ([9.218.2.225]) by ppma11.dal12v.mail.ibm.com (PPS) with ESMTPS id 479p42g41t-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 18 Jun 2025 10:36:00 +0000 Received: from smtpav06.fra02v.mail.ibm.com (smtpav06.fra02v.mail.ibm.com [10.20.54.105]) by smtprelay05.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 55IAZuYp47907220 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 18 Jun 2025 10:35:57 GMT Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DAEDE20040; Wed, 18 Jun 2025 10:35:56 +0000 (GMT) Received: from smtpav06.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9C8AC2004B; Wed, 18 Jun 2025 10:35:56 +0000 (GMT) Received: from heavy.ibm.com (unknown [9.111.14.28]) by smtpav06.fra02v.mail.ibm.com (Postfix) with ESMTP; Wed, 18 Jun 2025 10:35:56 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=cc :content-transfer-encoding:date:from:message-id:mime-version :subject:to; s=pp1; bh=R3rDYszvxlWiTBfnSijGvFEIf2FE2S3DA8otQMWJp 6w=; b=QVaRRVOjOARWxyrmpqYZp7rcTTNg+BeAHOB/yeMf7zwZZrjrI3G09jdA9 M5+57AcRehmEqT8wtaZEGQeqmy+geqahhI9NDCogg6nV8wdq23KqicQKvC5QJOxW dNmmmh5ThahYLec0Fx/DF4GT5RmVRPKsCHbJydHS4jsuWYa96aFZlJEg3CSIAQOI cZLdKaGsCx61Pf5ckqjygkbVxNftcCpfFqJssISEMpSOnEE6q+qDxnH7Vz316o15 FDEPVc3z5eQTYx4wFcUbp4rSshDf1mV1S9QX6964p2PmE4wk8Rj5EWZ998ZyDQ50 rvMuUh78rJP3zl+Y1J7W2fA/o6gFA== From: Ilya Leoshkevich To: Richard Henderson Cc: qemu-devel@nongnu.org, Ilya Leoshkevich Subject: [PATCH] tcg: Remove null pointer arithmetic in tcg_malloc() Date: Wed, 18 Jun 2025 12:35:40 +0200 Message-ID: <20250618103555.2020-1-iii@linux.ibm.com> X-Mailer: git-send-email 2.49.0 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjE4MDA4OCBTYWx0ZWRfX5PW+t6MDkhH6 R+tBFjnG36UqJhda2StP26uU0/csWIvLY4s+fjj6XEt9lLCESE8bjz/spXvHbWyl8qsj8DGiaX1 c61vDMIkEOUtlvT6+VSFzjsDdN14VIplppiOEkRx7aZkLvK1Nf5ek5xoYJi3ss9p3ncyGZTH3Wm CSVj3dvd/TBidRPmxB5POApeOH4goZNy2Enm3SR9UZdRP9A/qTTnmCWCxtvTUQ3lJ0g+V09zUPE VW+/gF2QRntgcXbGe5l48MjqG1iQ1QFpiAGVPa+9Ht01zXKLNrwD25oefWTmyNkhQvtuNQRECN5 t7FI3H6psyOSwo9i5e1RwbA4sbZEmN07nVMUYgC+S0dFZSDbZUeaVv82jA2659TRUmr9RDrp0cQ td4OCzF3ufRjRqKYd18nobRBmAY64IJyej7Bj48tbw2aNq9DLn0ZyzuzCldEWfzz2Lfa9Ku/ X-Authority-Analysis: v=2.4 cv=fYSty1QF c=1 sm=1 tr=0 ts=68529691 cx=c_pps a=aDMHemPKRhS1OARIsFnwRA==:117 a=aDMHemPKRhS1OARIsFnwRA==:17 a=6IFa9wvqVegA:10 a=VnNF1IyMAAAA:8 a=lYEB2wbCuentbSekCmQA:9 X-Proofpoint-ORIG-GUID: 9CSpFsO9ol13eA3wmkPdryH3mxam5CO7 X-Proofpoint-GUID: 9CSpFsO9ol13eA3wmkPdryH3mxam5CO7 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-18_04,2025-06-18_02,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 suspectscore=0 spamscore=0 mlxlogscore=946 lowpriorityscore=0 adultscore=0 mlxscore=0 impostorscore=0 bulkscore=0 phishscore=0 clxscore=1015 priorityscore=1501 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.19.0-2505280000 definitions=main-2506180088 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=148.163.158.5; envelope-from=iii@linux.ibm.com; helo=mx0b-001b2d01.pphosted.com X-Spam_score_int: -26 X-Spam_score: -2.7 X-Spam_bar: -- X-Spam_report: (-2.7 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @ibm.com) X-ZM-MESSAGEID: 1750243015758116600 Content-Type: text/plain; charset="utf-8" Clang 20.1.6 (Fedora 20.1.6-1.fc42)'s UBSAN complains: qemu/include/tcg/tcg.h:715:19: runtime error: applying non-zero offset = 64 to null pointer The code uses NULL as pool's initial start and end, with the intention that `pool_cur + size > pool_end` should trigger the allocation. Unfortunately C prohibits adding non-zero to NULL, even if the result is not dereferenced. Fix by using a dummy pool. Signed-off-by: Ilya Leoshkevich --- tcg/tcg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tcg/tcg.c b/tcg/tcg.c index d714ae2889c..afcc7ec8849 100644 --- a/tcg/tcg.c +++ b/tcg/tcg.c @@ -1358,13 +1358,14 @@ void *tcg_malloc_internal(TCGContext *s, int size) =20 void tcg_pool_reset(TCGContext *s) { + static uint8_t dummy_pool; TCGPool *p, *t; for (p =3D s->pool_first_large; p; p =3D t) { t =3D p->next; g_free(p); } s->pool_first_large =3D NULL; - s->pool_cur =3D s->pool_end =3D NULL; + s->pool_cur =3D s->pool_end =3D &dummy_pool; s->pool_current =3D NULL; } =20 --=20 2.49.0