From: Thomas Huth <thuth@redhat.com>
When compiling QEMU with --enable-ubsan there is an undefined behavior
warning when running the bios-tables-test for example:
.../system/physmem.c:3243:13: runtime error: applying non-zero offset 262144 to null pointer
#0 0x55ac1df5fbc4 in address_space_write_rom_internal .../system/physmem.c:3243:13
The problem is that buf is indeed NULL if the function is e.g. called
with type == FLUSH_CACHE. Add a check to fix the issue.
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
system/physmem.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/system/physmem.c b/system/physmem.c
index 130c148ffb5..00333ffa7f7 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -3240,8 +3240,10 @@ static inline MemTxResult address_space_write_rom_internal(AddressSpace *as,
}
}
len -= l;
- buf += l;
addr += l;
+ if (buf) {
+ buf += l;
+ }
}
return MEMTX_OK;
}
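Review bot: the `if (buf)` guard reads like a defensive error check rather than the intended "buf is legitimately NULL for type == FLUSH_CACHE" case that the commit message describes; a one-line comment next to the guard would make that contract explicit and stop a later change from reintroducing a read of buf for that type. Moving `buf += l` below `addr += l` changes no behaviour, since neither update depends on the other.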
--
2.50.1
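The defect the patch fixes is that `NULL + l` is undefined behaviour in C even when the result is never dereferenced, which is exactly what UBSan reports. The following model of the chunked loop is an added example written for this page, not QEMU's code: `write_rom_model`, `write_rom_type`, `CHUNK`, the flat `rom` backing store and the two `demo_*` self-checks are all hypothetical stand-ins, and the fixed-size chunking only exists to force several loop iterations so the pointer advance runs more than once.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the write type: WRITE_DATA copies from buf,
 * FLUSH_CACHE only touches the destination and is called with buf == NULL. */
enum write_rom_type { WRITE_DATA, FLUSH_CACHE };

/* Constructed: tiny chunk size so a 10-byte request takes three iterations. */
#define CHUNK ((size_t)4)

/* Models the per-chunk loop of address_space_write_rom_internal (not QEMU's
 * code). 'rom' is a constructed flat backing store, 'addr' an offset into it.
 * Returns the number of bytes walked so the caller can confirm that a
 * FLUSH_CACHE request with buf == NULL covers the whole range. */
size_t write_rom_model(uint8_t *rom, size_t addr, const uint8_t *buf,
                       size_t len, enum write_rom_type type)
{
    size_t done = 0;

    while (len > 0) {
        size_t l = len < CHUNK ? len : CHUNK;

        switch (type) {
        case WRITE_DATA:
            memcpy(rom + addr, buf, l);   /* buf must be a real pointer here */
            break;
        case FLUSH_CACHE:
            /* QEMU would flush the instruction cache for [addr, addr + l);
             * nothing is read from buf, which is why it may be NULL. */
            break;
        }

        len -= l;
        addr += l;
        /* The patch's fix: NULL + l is undefined behaviour in C even though
         * the result is never dereferenced, so only advance a real pointer. */
        if (buf) {
            buf += l;
        }
        done += l;
    }
    return done;
}

/* Constructed self-check: copy 10 bytes at offset 2 and verify the bytes
 * around the written range. Returns 1 on success, 0 on failure. */
int demo_write_data(void)
{
    uint8_t rom[16] = {0};
    const uint8_t src[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
    size_t n = write_rom_model(rom, 2, src, 10, WRITE_DATA);

    return (n == 10 && rom[1] == 0 && rom[2] == 1 &&
            rom[11] == 10 && rom[12] == 0) ? 1 : 0;
}

/* Constructed self-check: FLUSH_CACHE with buf == NULL walks the full range
 * without ever forming NULL + l. */
size_t demo_flush_cache(void)
{
    uint8_t rom[16] = {0};

    return write_rom_model(rom, 0, NULL, 10, FLUSH_CACHE);
}

int main(void)
{
    printf("write: %s\n", demo_write_data() ? "ok" : "FAILED");
    printf("flush walked %zu bytes\n", demo_flush_cache());
    return 0;
}
```

Building the model with `-fsanitize=undefined` and removing the `if (buf)` guard reproduces the same "applying non-zero offset ... to null pointer" diagnostic quoted in the commit message, which is a quick way to confirm that the guard, not the reordering, is what silences UBSan.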
On 28.07.25 19:25, Thomas Huth wrote:
> From: Thomas Huth <thuth@redhat.com>
>
> When compiling QEMU with --enable-ubsan there is an undefined behavior
> warning when running the bios-tables-test for example:
>
> .../system/physmem.c:3243:13: runtime error: applying non-zero offset 262144 to null pointer
> #0 0x55ac1df5fbc4 in address_space_write_rom_internal .../system/physmem.c:3243:13
>
> The problem is that buf is indeed NULL if the function is e.g. called
> with type == FLUSH_CACHE. Add a check to fix the issue.
>
> Signed-off-by: Thomas Huth <thuth@redhat.com>

Reviewed-by: David Hildenbrand <david@redhat.com>

--
Cheers,

David / dhildenb
Cc'ing Patrick & Peter for similar patch:
https://lore.kernel.org/qemu-devel/aCUDxEQVACn5CY8f@x1.local/
On 28/7/25 19:25, Thomas Huth wrote:
> From: Thomas Huth <thuth@redhat.com>
>
> When compiling QEMU with --enable-ubsan there is an undefined behavior
> warning when running the bios-tables-test for example:
>
> .../system/physmem.c:3243:13: runtime error: applying non-zero offset 262144 to null pointer
> #0 0x55ac1df5fbc4 in address_space_write_rom_internal .../system/physmem.c:3243:13
>
> The problem is that buf is indeed NULL if the function is e.g. called
> with type == FLUSH_CACHE. Add a check to fix the issue.
>
> Signed-off-by: Thomas Huth <thuth@redhat.com>
> ---
> system/physmem.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/system/physmem.c b/system/physmem.c
> index 130c148ffb5..00333ffa7f7 100644
> --- a/system/physmem.c
> +++ b/system/physmem.c
> @@ -3240,8 +3240,10 @@ static inline MemTxResult address_space_write_rom_internal(AddressSpace *as,
> }
> }
> len -= l;
> - buf += l;
> addr += l;
> + if (buf) {
> + buf += l;
> + }
> }
> return MEMTX_OK;
> }
On Mon, Jul 28, 2025 at 08:43:47PM +0200, Philippe Mathieu-Daudé wrote:
> Cc'ing Patrick & Peter for similar patch:
> https://lore.kernel.org/qemu-devel/aCUDxEQVACn5CY8f@x1.local/

This version seems to work.

>
> On 28/7/25 19:25, Thomas Huth wrote:
> > From: Thomas Huth <thuth@redhat.com>
> >
> > When compiling QEMU with --enable-ubsan there is an undefined behavior
> > warning when running the bios-tables-test for example:
> >
> > .../system/physmem.c:3243:13: runtime error: applying non-zero offset 262144 to null pointer
> > #0 0x55ac1df5fbc4 in address_space_write_rom_internal .../system/physmem.c:3243:13

I can trigger this by as simple as "./qemu-system-x86_64 -accel kvm".

I queued it, thanks.

--
Peter Xu