[PATCH] accel/tcg: Fix uninitialized host_pc in tb_gen_code

Panda Jiang posted 1 patch 1 day, 23 hours ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20260123091505.20025-1-3160104094@zju.edu.cn
Maintainers: Richard Henderson <richard.henderson@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>
accel/tcg/translate-all.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Posted by Panda Jiang 1 day, 23 hours ago
In tb_gen_code(), the local variable 'host_pc' was declared without
an initial value.

If get_page_addr_code_hostp() fails to find a host mapping for the
guest PC (e.g., when translating from an I/O region), it returns -1
but may not update the value of 'host_pc'. The function then proceeds
with an uninitialized 'host_pc' variable.

This leads to undefined behavior when this uninitialized pointer is
later passed to setjmp_gen_code(). This was observed as a segmentation
fault (coredump) when running QEMU with the '-d in_asm' logging
option, which enables the code path that uses this variable.

Fix this by initializing 'host_pc' to NULL upon declaration. This
ensures it has a well-defined value in all code paths, preventing
the crash.

Signed-off-by: Panda Jiang <3160104094@zju.edu.cn>
---
 accel/tcg/translate-all.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c
index fba4e9dc21..140f100cca 100644
--- a/accel/tcg/translate-all.c
+++ b/accel/tcg/translate-all.c
@@ -266,7 +266,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu, TCGTBCPUState s)
     tcg_insn_unit *gen_code_buf;
     int gen_code_size, search_size, max_insns;
     int64_t ti;
-    void *host_pc;
+    void *host_pc = NULL;
 
     assert_memory_lock();
     qemu_thread_jit_write();
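Review bot: initializing `host_pc` to NULL makes the value defined, but the hunk on its own does not show that the consumer is safe with NULL; the commit message says the uninitialized pointer is "later passed to setjmp_gen_code()" and that the '-d in_asm' logging path uses it, so the message should state what that path does with a NULL `host_pc` (skips the host-address lookup, or checks for NULL) rather than only that the value is now well-defined. If that path dereferences it, NULL would trade an undefined-behavior crash for a deterministic one, and the proper fix would be to have get_page_addr_code_hostp() always store to `*hostp` on its -1 failure return so every caller gets the same guarantee. A one-line comment on the declaration, e.g. `void *host_pc = NULL; /* unset if the page lookup fails (I/O region) */`, would also document why the initializer is needed for future readers.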
-- 
2.39.2 (Apple Git-143)