* Fwd: New Defects reported by Coverity Scan for QEMU
       [not found] <618af1a42c458_27197b2b2515bd79b8920c6@prd-scan-dashboard-0.mail>
@ 2021-11-10  8:18 ` Cédric Le Goater
  2021-11-12 16:28   ` Matheus K. Ferst
  0 siblings, 1 reply; 4+ messages in thread
From: Cédric Le Goater @ 2021-11-10  8:18 UTC (permalink / raw)
  To: Luis Fernando Fujita Pires, QEMU Developers, QEMU PowerPC

Hello Luis,

Coverity found a couple of issues which seem related to the DFP patchset.
Could you please take a look?

Thanks,

C.


-------- Forwarded Message --------
Subject: New Defects reported by Coverity Scan for QEMU
Date: Tue, 9 Nov 2021 22:09:40 +0000
From: scan-admin@coverity.com
To: clg@kaod.org

Hi,

Please find the latest report on new defect(s) introduced to QEMU found with Coverity Scan.

16 new defect(s) introduced to QEMU found with Coverity Scan.
19 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 16 of 16 defect(s)


** CID 1465791:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465791:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 1202 in helper_DENBCD()
1196         }                                                                        \
1197         dfp_finalize_decimal##size(&dfp);                                        \
1198         dfp_set_FPRF_from_FRT(&dfp);                                             \
1199         set_dfp##size(t, &dfp.vt);                                               \
1200     }
1201
>>>     CID 1465791:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
1202     DFP_HELPER_ENBCD(DENBCD, 64)
1203     DFP_HELPER_ENBCD(DENBCDQ, 128)
1204
1205     #define DFP_HELPER_XEX(op, size)                               \
1206     void helper_##op(CPUPPCState *env, ppc_fprp_t *t, ppc_fprp_t *b) \
1207     {                                                              \

** CID 1465790:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465790:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 461 in helper_DSUB()
455         dfp_check_for_UX(dfp);
456         dfp_check_for_XX(dfp);
457         dfp_check_for_VXSNAN(dfp);
458         dfp_check_for_VXISI_subtract(dfp);
459     }
460
>>>     CID 1465790:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
461     DFP_HELPER_TAB(DSUB, decNumberSubtract, SUB_PPs, 64)
462     DFP_HELPER_TAB(DSUBQ, decNumberSubtract, SUB_PPs, 128)
463
464     static void MUL_PPs(struct PPC_DFP *dfp)
465     {
466         dfp_set_FPRF_from_FRT(dfp);

** CID 1465789:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465789:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 876 in helper_DRINTX()
870     {
871         dfp_set_FPRF_from_FRT(dfp);
872         dfp_check_for_XX(dfp);
873         dfp_check_for_VXSNAN(dfp);
874     }
875
>>>     CID 1465789:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
876     DFP_HELPER_RINT(DRINTX, RINTX_PPs, 64)
877     DFP_HELPER_RINT(DRINTXQ, RINTX_PPs, 128)
878
879     static void RINTN_PPs(struct PPC_DFP *dfp)
880     {
881         dfp_set_FPRF_from_FRT(dfp);

** CID 1465788:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465788:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 1390 in helper_DSCLI()
1384             }                                                           \
1385         }                                                               \
1386                                                                         \
1387         set_dfp##size(t, &dfp.vt);                                      \
1388     }
1389
>>>     CID 1465788:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
1390     DFP_HELPER_SHIFT(DSCLI, 64, 1)
1391     DFP_HELPER_SHIFT(DSCLIQ, 128, 1)
1392     DFP_HELPER_SHIFT(DSCRI, 64, 0)

** CID 1465787:    (BAD_SHIFT)
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()


________________________________________________________________________________________________________
*** CID 1465787:    (BAD_SHIFT)
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
363             /*
364              * Discards the processed bits from 'src' and 'mask'. Note that we are
365              * removing 'n' trailing zeros from 'mask', but the logical shift will
366              * add 'n' leading zeros back, so the population count of 'mask' is kept
367              * the same.
368              */
>>>     CID 1465787:    (BAD_SHIFT)
>>>     In expression "src >>= n", right shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is as much as 64.
369             src >>= n;
370             mask >>= n;
371             i -= n;
372             bit = !bit;
373             mask = ~mask;
374         }
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
364              * Discards the processed bits from 'src' and 'mask'. Note that we are
365              * removing 'n' trailing zeros from 'mask', but the logical shift will
366              * add 'n' leading zeros back, so the population count of 'mask' is kept
367              * the same.
368              */
369             src >>= n;
>>>     CID 1465787:    (BAD_SHIFT)
>>>     In expression "mask >>= n", right shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is as much as 64.
370             mask >>= n;
371             i -= n;
372             bit = !bit;
373             mask = ~mask;
374         }
375
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
350
351             /*
352              * Extracts 'n' trailing bits of src and put them on the leading 'n'
353              * bits of 'right' or 'left', pushing down the previously extracted
354              * values.
355              */
>>>     CID 1465787:    (BAD_SHIFT)
>>>     In expression "1LL << n", left shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is 64.
356             m = (1ll << n) - 1;
357             if (bit) {
358                 right = ror64(right | (src & m), n);
359             } else {
360                 left = ror64(left | (src & m), n);
361             }
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
350
351             /*
352              * Extracts 'n' trailing bits of src and put them on the leading 'n'
353              * bits of 'right' or 'left', pushing down the previously extracted
354              * values.
355              */
>>>     CID 1465787:    (BAD_SHIFT)
>>>     In expression "1LL << n", left shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is as much as 64.
356             m = (1ll << n) - 1;
357             if (bit) {
358                 right = ror64(right | (src & m), n);
359             } else {
360                 left = ror64(left | (src & m), n);
361             }
/qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
350
351             /*
352              * Extracts 'n' trailing bits of src and put them on the leading 'n'
353              * bits of 'right' or 'left', pushing down the previously extracted
354              * values.
355              */
>>>     CID 1465787:    (BAD_SHIFT)
>>>     In expression "1LL << n", left shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is 64.
356             m = (1ll << n) - 1;
357             if (bit) {
358                 right = ror64(right | (src & m), n);
359             } else {
360                 left = ror64(left | (src & m), n);
361             }
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
363             /*
364              * Discards the processed bits from 'src' and 'mask'. Note that we are
365              * removing 'n' trailing zeros from 'mask', but the logical shift will
366              * add 'n' leading zeros back, so the population count of 'mask' is kept
367              * the same.
368              */
>>>     CID 1465787:    (BAD_SHIFT)
>>>     In expression "src >>= n", right shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is 64.
369             src >>= n;
370             mask >>= n;
371             i -= n;
372             bit = !bit;
373             mask = ~mask;
374         }
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
364              * Discards the processed bits from 'src' and 'mask'. Note that we are
365              * removing 'n' trailing zeros from 'mask', but the logical shift will
366              * add 'n' leading zeros back, so the population count of 'mask' is kept
367              * the same.
368              */
369             src >>= n;
>>>     CID 1465787:    (BAD_SHIFT)
>>>     In expression "mask >>= n", right shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is 64.
370             mask >>= n;
371             i -= n;
372             bit = !bit;
373             mask = ~mask;
374         }
375
/qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
364              * Discards the processed bits from 'src' and 'mask'. Note that we are
365              * removing 'n' trailing zeros from 'mask', but the logical shift will
366              * add 'n' leading zeros back, so the population count of 'mask' is kept
367              * the same.
368              */
369             src >>= n;
>>>     CID 1465787:    (BAD_SHIFT)
>>>     In expression "mask >>= n", right shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is 64.
370             mask >>= n;
371             i -= n;
372             bit = !bit;
373             mask = ~mask;
374         }
375
/qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
363             /*
364              * Discards the processed bits from 'src' and 'mask'. Note that we are
365              * removing 'n' trailing zeros from 'mask', but the logical shift will
366              * add 'n' leading zeros back, so the population count of 'mask' is kept
367              * the same.
368              */
>>>     CID 1465787:    (BAD_SHIFT)
>>>     In expression "src >>= n", right shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is 64.
369             src >>= n;
370             mask >>= n;
371             i -= n;
372             bit = !bit;
373             mask = ~mask;
374         }

** CID 1465786:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465786:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 850 in helper_DRRND()
844         dfp_finalize_decimal##size(&dfp);                                   \
845         QUA_PPs(&dfp);                                                      \
846                                                                             \
847         set_dfp##size(t, &dfp.vt);                                          \
848     }
849
>>>     CID 1465786:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
850     DFP_HELPER_RRND(DRRND, 64)
851     DFP_HELPER_RRND(DRRNDQ, 128)
852
853     #define DFP_HELPER_RINT(op, postprocs, size)                                   \
854     void helper_##op(CPUPPCState *env, ppc_fprp_t *t, ppc_fprp_t *b,               \
855                  uint32_t r, uint32_t rmc)                                         \

** CID 1465785:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465785:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 489 in helper_DDIV()
483         dfp_check_for_XX(dfp);
484         dfp_check_for_VXSNAN(dfp);
485         dfp_check_for_VXZDZ(dfp);
486         dfp_check_for_VXIDI(dfp);
487     }
488
>>>     CID 1465785:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
489     DFP_HELPER_TAB(DDIV, decNumberDivide, DIV_PPs, 64)
490     DFP_HELPER_TAB(DDIVQ, decNumberDivide, DIV_PPs, 128)
491
492     #define DFP_HELPER_BF_AB(op, dnop, postprocs, size)                            \
493     uint32_t helper_##op(CPUPPCState *env, ppc_fprp_t *a, ppc_fprp_t *b)           \
494     {                                                                              \

** CID 1465784:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465784:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 754 in helper_DQUAI()
748         dfp_finalize_decimal##size(&dfp);                                   \
749         QUA_PPs(&dfp);                                                      \
750                                                                             \
751         set_dfp##size(t, &dfp.vt);                                          \
752     }
753
>>>     CID 1465784:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
754     DFP_HELPER_QUAI(DQUAI, 64)
755     DFP_HELPER_QUAI(DQUAIQ, 128)
756
757     #define DFP_HELPER_QUA(op, size)                                        \
758     void helper_##op(CPUPPCState *env, ppc_fprp_t *t, ppc_fprp_t *a,        \
759                      ppc_fprp_t *b, uint32_t rmc)                           \

** CID 1465783:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465783:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 885 in helper_DRINTN()
879     static void RINTN_PPs(struct PPC_DFP *dfp)
880     {
881         dfp_set_FPRF_from_FRT(dfp);
882         dfp_check_for_VXSNAN(dfp);
883     }
884
>>>     CID 1465783:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
885     DFP_HELPER_RINT(DRINTN, RINTN_PPs, 64)
886     DFP_HELPER_RINT(DRINTNQ, RINTN_PPs, 128)
887
888     void helper_DCTDP(CPUPPCState *env, ppc_fprp_t *t, ppc_fprp_t *b)
889     {
890         struct PPC_DFP dfp;

** CID 1465782:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465782:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 448 in helper_DADD()
442         dfp_check_for_UX(dfp);
443         dfp_check_for_XX(dfp);
444         dfp_check_for_VXSNAN(dfp);
445         dfp_check_for_VXISI_add(dfp);
446     }
447
>>>     CID 1465782:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
448     DFP_HELPER_TAB(DADD, decNumberAdd, ADD_PPs, 64)
449     DFP_HELPER_TAB(DADDQ, decNumberAdd, ADD_PPs, 128)
450
451     static void SUB_PPs(struct PPC_DFP *dfp)
452     {
453         dfp_set_FPRF_from_FRT(dfp);

** CID 1465781:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465781:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 1302 in helper_DIEX()
1296             dfp.t.exponent = exp - bias;                                      \
1297             dfp_finalize_decimal##size(&dfp);                                 \
1298         }                                                                     \
1299         set_dfp##size(t, &dfp.vt);                                            \
1300     }
1301
>>>     CID 1465781:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
1302     DFP_HELPER_IEX(DIEX, 64)
1303     DFP_HELPER_IEX(DIEXQ, 128)
1304
1305     static void dfp_clear_lmd_from_g5msb(uint64_t *t)
1306     {
1307

** CID 1465780:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465780:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 900 in helper_DCTDP()
894         get_dfp64(&vb, b);
895         b_short = (uint32_t)vb.VsrD(1);
896
897         dfp_prepare_decimal64(&dfp, 0, 0, env);
898         decimal32ToNumber((decimal32 *)&b_short, &dfp.t);
899         dfp_finalize_decimal64(&dfp);
>>>     CID 1465780:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
900         set_dfp64(t, &dfp.vt);
901         dfp_set_FPRF_from_FRT(&dfp);
902     }
903
904     void helper_DCTQPQ(CPUPPCState *env, ppc_fprp_t *t, ppc_fprp_t *b)
905     {

** CID 1465779:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465779:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 1392 in helper_DSCRI()
1386                                                                         \
1387         set_dfp##size(t, &dfp.vt);                                      \
1388     }
1389
1390     DFP_HELPER_SHIFT(DSCLI, 64, 1)
1391     DFP_HELPER_SHIFT(DSCLIQ, 128, 1)
>>>     CID 1465779:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
1392     DFP_HELPER_SHIFT(DSCRI, 64, 0)

** CID 1465778:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465778:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 772 in helper_DQUA()
766         dfp_finalize_decimal##size(&dfp);                                   \
767         QUA_PPs(&dfp);                                                      \
768                                                                             \
769         set_dfp##size(t, &dfp.vt);                                          \
770     }
771
>>>     CID 1465778:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
772     DFP_HELPER_QUA(DQUA, 64)
773     DFP_HELPER_QUA(DQUAQ, 128)
774
775     static void _dfp_reround(uint8_t rmc, int32_t ref_sig, int32_t xmax,
776                                  struct PPC_DFP *dfp)
777     {

** CID 1465777:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465777:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 474 in helper_DMUL()
468         dfp_check_for_UX(dfp);
469         dfp_check_for_XX(dfp);
470         dfp_check_for_VXSNAN(dfp);
471         dfp_check_for_VXIMZ(dfp);
472     }
473
>>>     CID 1465777:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
474     DFP_HELPER_TAB(DMUL, decNumberMultiply, MUL_PPs, 64)
475     DFP_HELPER_TAB(DMULQ, decNumberMultiply, MUL_PPs, 128)
476
477     static void DIV_PPs(struct PPC_DFP *dfp)
478     {
479         dfp_set_FPRF_from_FRT(dfp);

** CID 1465776:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1465776:  Uninitialized variables  (UNINIT)
/qemu/target/ppc/dfp_helper.c: 975 in helper_DCFFIX()
969     static void CFFIX_PPs(struct PPC_DFP *dfp)
970     {
971         dfp_set_FPRF_from_FRT(dfp);
972         dfp_check_for_XX(dfp);
973     }
974
>>>     CID 1465776:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
975     DFP_HELPER_CFFIX(DCFFIX, 64)
976     DFP_HELPER_CFFIX(DCFFIXQ, 128)
977
978     void helper_DCFFIXQQ(CPUPPCState *env, ppc_fprp_t *t, ppc_avr_t *b)
979     {
980         struct PPC_DFP dfp;


________________________________________________________________________________________________________




* Re: Fwd: New Defects reported by Coverity Scan for QEMU
  2021-11-10  8:18 ` Fwd: New Defects reported by Coverity Scan for QEMU Cédric Le Goater
@ 2021-11-12 16:28   ` Matheus K. Ferst
  2021-11-16 20:21     ` Luis Fernando Fujita Pires
  0 siblings, 1 reply; 4+ messages in thread
From: Matheus K. Ferst @ 2021-11-12 16:28 UTC (permalink / raw)
  To: Cédric Le Goater, Luis Fernando Fujita Pires,
	QEMU Developers, QEMU PowerPC

On 10/11/2021 05:18, Cédric Le Goater wrote:
> Hello Luis,
> 
> Coverity found a couple of issues which seem related to the DFP patchset.
> Could you please take a look?
> 
> Thanks,
> 
> C.
> 
> 
> -------- Forwarded Message --------
> Subject: New Defects reported by Coverity Scan for QEMU
> Date: Tue, 9 Nov 2021 22:09:40 +0000
> From: scan-admin@coverity.com
> To: clg@kaod.org
> 
> Hi,
> 
> Please find the latest report on new defect(s) introduced to QEMU found 
> with Coverity Scan.
> 
> 16 new defect(s) introduced to QEMU found with Coverity Scan.
> 19 defect(s), reported by Coverity Scan earlier, were marked fixed in 
> the recent build analyzed by Coverity Scan.
> 
> New defect(s) Reported-by: Coverity Scan
> Showing 16 of 16 defect(s)
> 
> 
> ** CID 1465791:  Uninitialized variables  (UNINIT)
> 
> 
> ________________________________________________________________________________________________________
> *** CID 1465791:  Uninitialized variables  (UNINIT)
> /qemu/target/ppc/dfp_helper.c: 1202 in helper_DENBCD()
> 1196         }                                                                        \
> 1197         dfp_finalize_decimal##size(&dfp);                                        \
> 1198         dfp_set_FPRF_from_FRT(&dfp);                                             \
> 1199         set_dfp##size(t, &dfp.vt);                                               \
> 1200     }
> 1201
>>>>     CID 1465791:  Uninitialized variables  (UNINIT)
>>>>     Using uninitialized element of array "dfp.vt" when calling "set_dfp64".
> 1202     DFP_HELPER_ENBCD(DENBCD, 64)
> 1203     DFP_HELPER_ENBCD(DENBCDQ, 128)

Hi Cédric,

The only change was the helper name that is now uppercase, so nothing 
new here. The underlying cause is that dfp_finalize_decimal64 only sets 
dfp->vt.VsrD(1) and set_dfp64 receives a pointer to the complete struct.

But since set_dfp64 also only accesses VsrD(1), it shouldn't be a real 
problem AFAICT. The same applies to CID 1465776~1465786 and 1465788~1465790.

> ** CID 1465787:    (BAD_SHIFT)
> /qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
> /qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
> /qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
> /qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
> /qemu/target/ppc/int_helper.c: 356 in helper_CFUGED()
> /qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
> /qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
> /qemu/target/ppc/int_helper.c: 370 in helper_CFUGED()
> /qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
> 
> 
> ________________________________________________________________________________________________________
> *** CID 1465787:    (BAD_SHIFT)
> /qemu/target/ppc/int_helper.c: 369 in helper_CFUGED()
> 363             /*
> 364              * Discards the processed bits from 'src' and 'mask'. Note that we are
> 365              * removing 'n' trailing zeros from 'mask', but the logical shift will
> 366              * add 'n' leading zeros back, so the population count of 'mask' is kept
> 367              * the same.
> 368              */
>>>>     CID 1465787:    (BAD_SHIFT)
>>>>     In expression "src >>= n", right shifting by more than 63 bits has undefined behavior.  The shift amount, "n", is as much as 64.

Similar case here: the helper was just renamed. The value of "n" comes 
from ctz64(mask), and mask == 0 is a trivial case handled before anything 
else.

Thanks,
Matheus K. Ferst
Instituto de Pesquisas ELDORADO <http://www.eldorado.org.br/>
Software Analyst
Aviso Legal - Disclaimer <https://www.eldorado.org.br/disclaimer.html>


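The reasoning about ctz64 and the mask == 0 guard, worked through in an added example (this is the editor's code, not QEMU's helper_CFUGED or any code from the thread): a centrifuge modelled on the excerpt, with n taken from a ctz64 stand-in that returns 64 for a zero word, checked against a bit-at-a-time reference. The names ctz64_model, ror64_model, centrifuge_ref, centrifuge_runs, runs_value and check_models are assumptions, as are the constructed inputs; the model also returns early for an all-ones mask, which it would otherwise invert to zero before consulting ctz64.

```c
#include <stdbool.h>
#include <stdint.h>
/* Stand-in for QEMU's ctz64(): like it, 64 for a zero word (Coverity's n). */
static int ctz64_model(uint64_t v)
{
    return v ? __builtin_ctzll(v) : 64;
}

/* Rotate right; a rotation by 0 or 64 is the identity, no UB. */
static uint64_t ror64_model(uint64_t v, int n)
{
    n &= 63;
    return n ? (v >> n) | (v << (64 - n)) : v;
}

/* Bit-at-a-time reference: src bits under a 1 in mask are packed in order
 * into the low end of the result, bits under a 0 into the high end. */
static uint64_t centrifuge_ref(uint64_t src, uint64_t mask)
{
    uint64_t right = 0, left = 0;
    int nr = 0, nl = 0;
    for (int i = 0; i < 64; i++) {
        uint64_t b = (src >> i) & 1;
        if ((mask >> i) & 1) {
            right |= b << nr++;
        } else {
            left |= b << nl++;
        }
    }
    return nr == 64 ? right : (left << nr) | right;
}

/* Run-length version in the style of the excerpt: each iteration consumes one
 * run of equal mask bits, n coming from ctz64. Returns false if it would ever
 * shift by 64; the early return rules that out, because a zero (or all-ones)
 * mask is the only way the working mask can be zero when ctz64 is consulted. */
static bool centrifuge_runs(uint64_t src, uint64_t mask, uint64_t *out)
{
    uint64_t left = 0, right = 0, m;
    int ones = __builtin_popcountll(mask), bit = mask & 1, n, i = 64;
    if (mask == 0 || mask == UINT64_MAX) {  /* trivial cases: nothing moves */
        *out = src;
        return true;
    }
    if (bit) { mask = ~mask; }  /* let ctz64 measure the current run */
    while (i) {
        n = ctz64_model(mask);
        if (n > i) { n = i; }           /* high bits: artefact of inversion */
        if (n >= 64) { return false; }  /* the shift Coverity warns about */
        m = (1ull << n) - 1;            /* the n trailing bits of src */
        if (bit) {
            right = ror64_model(right | (src & m), n);
        } else {
            left = ror64_model(left | (src & m), n);
        }
        src >>= n;
        mask >>= n;
        i -= n;
        bit = !bit;
        mask = ~mask;  /* the next run now shows up as trailing zeros */
    }
    /* right was rotated by 'ones' bits in total, left by 64 - ones. */
    *out = left | (right >> (64 - ones));
    return true;
}

/* Value-only wrapper: 0 if the run-length version refused a shift. */
static uint64_t runs_value(uint64_t src, uint64_t mask)
{
    uint64_t out = 0;
    return centrifuge_runs(src, mask, &out) ? out : 0;
}

/* Compares both versions over constructed inputs (fixed edge masks, then an
 * LCG stream); returns the number of mismatches plus refused shifts. */
static int check_models(void)
{
    static const uint64_t edge[] = { 0, UINT64_MAX, 1, 2, 0xF0, 0xFFFFFFFF00000000ull, 0x8000000000000001ull };
    uint64_t src = 0x123456789ABCDEF0ull, mask = 0x2545F4914F6CDD1Dull, out;
    int bad = 0;
    for (int k = 0; k < 300; k++) {
        uint64_t mk = k < 7 ? edge[k] : mask;
        if (!centrifuge_runs(src, mk, &out) || out != centrifuge_ref(src, mk)) {
            bad++;
        }
        src = src * 6364136223846793005ull + 1442695040888963407ull;
        mask = mask * 6364136223846793005ull + 1442695040888963407ull;
    }
    return bad;
}
```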

* RE: Fwd: New Defects reported by Coverity Scan for QEMU
  2021-11-12 16:28   ` Matheus K. Ferst
@ 2021-11-16 20:21     ` Luis Fernando Fujita Pires
  2021-11-17 10:34       ` Cédric Le Goater
  0 siblings, 1 reply; 4+ messages in thread
From: Luis Fernando Fujita Pires @ 2021-11-16 20:21 UTC (permalink / raw)
  To: Matheus Kowalczuk Ferst, Cédric Le Goater, QEMU Developers,
	QEMU PowerPC

From: Matheus K. Ferst <matheus.ferst@eldorado.org.br>
> Hi Cédric,
> 
> The only change was the helper name that is now uppercase, so nothing new
> here. The underlying cause is that dfp_finalize_decimal64 only sets
> dfp->vt.VsrD(1) and set_dfp64 receives a pointer to the complete struct.
> 
> But since set_dfp64 also only accesses VsrD(1), it shouldn't be a real
> problem AFAICT. The same applies to CID 1465776~1465786 and
> 1465788~1465790.

Right. Coverity is probably reporting these as new just because the helper macros were re-written as part of the move to decodetree.
I believe these should be marked as false positives.

We *could* also wrap set_dfp{64,128} in new macros that would then reference only the appropriate parts of dfp, but, in this case, I don't think it's worth the trouble.

Thanks,

--
Luis Pires
Instituto de Pesquisas ELDORADO
Aviso Legal - Disclaimer <https://www.eldorado.org.br/disclaimer.html>


* Re: Fwd: New Defects reported by Coverity Scan for QEMU
  2021-11-16 20:21     ` Luis Fernando Fujita Pires
@ 2021-11-17 10:34       ` Cédric Le Goater
  0 siblings, 0 replies; 4+ messages in thread
From: Cédric Le Goater @ 2021-11-17 10:34 UTC (permalink / raw)
  To: Luis Fernando Fujita Pires, Matheus Kowalczuk Ferst,
	QEMU Developers, QEMU PowerPC

On 11/16/21 21:21, Luis Fernando Fujita Pires wrote:
> From: Matheus K. Ferst <matheus.ferst@eldorado.org.br>
>> Hi Cédric,
>>
>> The only change was the helper name that is now uppercase, so nothing new
>> here. The underlying cause is that dfp_finalize_decimal64 only sets
>> dfp->vt.VsrD(1) and set_dfp64 receives a pointer to the complete struct.
>>
>> But since set_dfp64 also only accesses VsrD(1), it shouldn't be a real
>> problem AFAICT. The same applies to CID 1465776~1465786 and
>> 1465788~1465790.
> 
> Right. Coverity is probably reporting these as new just because the helper macros were re-written as part of the move to decodetree.
> I believe these should be marked as false positives.
> 
> We *could* also wrap set_dfp{64,128} in new macros that would then reference only the appropriate parts of dfp, but, in this case, I don't think it's worth the trouble.

Thanks for the help on this,

C.


