From: Peter Maydell
Subject: [Qemu-devel] hw/ppc/spapr_iommu.c: spapr_tce_reset() calls memset on NULL pointer
Date: Fri, 5 Aug 2016 10:45:57 +0100
If you build with clang-3.8's undefined behaviour sanitizer
it reveals that hw/ppc/spapr_iommu.c is calling memset()
with a NULL pointer:
$ (cd build/clang; UBSAN_OPTIONS=print_stacktrace=1
QTEST_QEMU_BINARY=ppc64-softmmu/qemu-system-ppc64
QTEST_QEMU_IMG=qemu-img MALLOC_PERTURB_=${MALLOC_PERTURB_:-$((RANDOM %
255 + 1))} gtester -k --verbose -m=quick tests/endianness-test)
TEST: tests/endianness-test... (pid=9726)
/ppc64/endianness/mac99: OK
/ppc64/endianness/pseries:
/home/petmay01/linaro/qemu-from-laptop/qemu/hw/ppc/spapr_iommu.c:388:12:
runtime error: null pointer passed as argument 1, which is declared to
never be null
/usr/include/string.h:62:62: note: nonnull attribute specified here
#0 0x562e11e5a793 in spapr_tce_reset
/home/petmay01/linaro/qemu-from-laptop/qemu/hw/ppc/spapr_iommu.c:388:5
#1 0x562e11e69259 in spapr_phb_children_reset
/home/petmay01/linaro/qemu-from-laptop/qemu/hw/ppc/spapr_pci.c:1487:9
#2 0x562e12712cbf in do_object_child_foreach
/home/petmay01/linaro/qemu-from-laptop/qemu/qom/object.c:837:19
#3 0x562e11e67b1b in spapr_phb_reset
/home/petmay01/linaro/qemu-from-laptop/qemu/hw/ppc/spapr_pci.c:1519:5
#4 0x562e12210405 in qdev_reset_one
/home/petmay01/linaro/qemu-from-laptop/qemu/hw/core/qdev.c:295:5
#5 0x562e122103af in qdev_walk_children
/home/petmay01/linaro/qemu-from-laptop/qemu/hw/core/qdev.c:610:15
#6 0x562e1221c808 in qbus_walk_children
/home/petmay01/linaro/qemu-from-laptop/qemu/hw/core/bus.c:59:15
#7 0x562e1208d362 in qemu_devices_reset
/home/petmay01/linaro/qemu-from-laptop/qemu/vl.c:1712:9
#8 0x562e11e460ed in ppc_spapr_reset
/home/petmay01/linaro/qemu-from-laptop/qemu/hw/ppc/spapr.c:1198:5
#9 0x562e1208d3fb in qemu_system_reset
/home/petmay01/linaro/qemu-from-laptop/qemu/vl.c:1725:9
#10 0x562e12093479 in main
/home/petmay01/linaro/qemu-from-laptop/qemu/vl.c:4574:5
#11 0x7f61a4a1282f in __libc_start_main
/build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#12 0x562e11be80b8 in _start
(/home/petmay01/linaro/qemu-from-laptop/qemu/build/clang/ppc64-softmmu/qemu-system-ppc64+0xcbc0b8)
OK
Presumably the size is also 0 in this case or it would
segfault, but this is UB. Would somebody like to take a
look at fixing it?
thanks
-- PMM
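As an added example (not code from this report or from QEMU), the shape of the defect described above beside the guard that removes it: a reset routine clearing a table that may not have been allocated yet. The struct and function names are hypothetical; build with -fsanitize=undefined to see the unguarded variant flagged the same way as in the trace.

```c
/* Added example, not QEMU code. Mirrors the report: a reset routine
 * hands memset() a NULL pointer (with length 0) when no table exists.
 * glibc's string.h declares memset's first argument nonnull, so this is
 * undefined behaviour even though the length is zero. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a TCE table device: before a table is
 * allocated, table is NULL and nb_table is 0. */
struct tce_table {
    uint64_t *table;
    size_t nb_table;
};

/* Unguarded: when no table exists this becomes memset(NULL, 0, 0).
 * It does not crash, which is why the bug only shows up under UBSan. */
void tce_reset_unguarded(struct tce_table *t)
{
    memset(t->table, 0, t->nb_table * sizeof(uint64_t));
}

/* Guarded: only touch memory when there is a table to clear.
 * Returns the number of bytes cleared so the effect can be checked. */
size_t tce_reset_guarded(struct tce_table *t)
{
    if (t->table == NULL || t->nb_table == 0) {
        return 0;
    }
    size_t len = t->nb_table * sizeof(uint64_t);
    memset(t->table, 0, len);
    return len;
}
```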