From: Jamin Lin <jamin_lin@aspeedtech.com>

i3c_send_byte() declared num_sent without initializing it before
passing its address to i3c_send().

Although i3c_send_byte() itself ignores num_sent after the call,
i3c_send() forwards it to trace_i3c_send(). If the target send
callback does not set *num_sent, the trace may print an
uninitialized value, leading to misleading or garbage output.

Example concern from review:
  trace_i3c_send(*num_sent, num_to_send, ret == 0);

If *num_sent is not written by the callback, this trace can report
an incorrect number of transmitted bytes.

Initialize num_sent to 0 to ensure deterministic and predictable
trace output, even if the callback fails to update it.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Reviewed-by: Jithu Joseph <jithu.joseph@oss.qualcomm.com>
Link: https://lore.kernel.org/qemu-devel/20260303013322.1297499-4-jamin_lin@aspeedtech.com
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 hw/i3c/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/i3c/core.c b/hw/i3c/core.c
index 0a266e00a279..168526003dab 100644
--- a/hw/i3c/core.c
+++ b/hw/i3c/core.c
@@ -325,7 +325,7 @@ int i3c_send_byte(I3CBus *bus, uint8_t data)
      * Ignored, the caller can determine how many were sent based on if this was
      * ACKed/NACKed.
      */
-    uint32_t num_sent;
+    uint32_t num_sent = 0;
     return i3c_send(bus, &data, 1, &num_sent);
 }
 
-- 
2.53.0