| Message ID | 20230127050815.4155276-1-marmarek@invisiblethingslab.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | hw/xen/xen_pt: fix uninitialized variable | expand |
On Fri, 27 Jan 2023, Marek Marczykowski-Górecki wrote: > xen_pt_config_reg_init() reads only that many bytes as the size of the > register that is being initialized. It uses > xen_host_pci_get_{byte,word,long} and casts its last argument to > expected pointer type. This means for smaller registers higher bits of > 'val' are not initialized. Then, the function fails if any of those > higher bits are set. > > Fix this by initializing 'val' with zero. > > Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> > --- > hw/xen/xen_pt_config_init.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c > index cde898b744..8b9b554352 100644 > --- a/hw/xen/xen_pt_config_init.c > +++ b/hw/xen/xen_pt_config_init.c > @@ -1924,7 +1924,7 @@ static void xen_pt_config_reg_init(XenPCIPassthroughState *s, > if (reg->init) { > uint32_t host_mask, size_mask; > unsigned int offset; > - uint32_t val; > + uint32_t val = 0; > > /* initialize emulate register */ > rc = reg->init(s, reg_entry->reg, > -- > 2.37.3 >
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c index cde898b744..8b9b554352 100644 --- a/hw/xen/xen_pt_config_init.c +++ b/hw/xen/xen_pt_config_init.c @@ -1924,7 +1924,7 @@ static void xen_pt_config_reg_init(XenPCIPassthroughState *s, if (reg->init) { uint32_t host_mask, size_mask; unsigned int offset; - uint32_t val; + uint32_t val = 0; /* initialize emulate register */ rc = reg->init(s, reg_entry->reg,
xen_pt_config_reg_init() reads only that many bytes as the size of the register that is being initialized. It uses xen_host_pci_get_{byte,word,long} and casts its last argument to expected pointer type. This means for smaller registers higher bits of 'val' are not initialized. Then, the function fails if any of those higher bits are set. Fix this by initializing 'val' with zero. Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> --- hw/xen/xen_pt_config_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)