In tb_gen_code(), the local variable 'host_pc' was declared without an initial value.
If get_page_addr_code_hostp() fails to find a host mapping for the guest PC (e.g., when translating from an I/O region), it returns -1 but may not update the value of 'host_pc'. The function then proceeds with an uninitialized 'host_pc' variable. This leads to undefined behavior when this uninitialized pointer is later passed to setjmp_gen_code(). This was observed as a segmentation fault (coredump) when running QEMU with the '-d in_asm' logging option, which enables the code path that uses this variable. Fix this by initializing 'host_pc' to NULL upon declaration. This ensures it has a well-defined value in all code paths, preventing the crash. Signed-off-by: Panda Jiang <[email protected]> --- accel/tcg/translate-all.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/accel/tcg/translate-all.c b/accel/tcg/translate-all.c index fba4e9dc21..140f100cca 100644 --- a/accel/tcg/translate-all.c +++ b/accel/tcg/translate-all.c @@ -266,7 +266,7 @@ TranslationBlock *tb_gen_code(CPUState *cpu, TCGTBCPUState s) tcg_insn_unit *gen_code_buf; int gen_code_size, search_size, max_insns; int64_t ti; - void *host_pc; + void *host_pc = NULL; assert_memory_lock(); qemu_thread_jit_write(); -- 2.39.2 (Apple Git-143)
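Review bot: The `void *host_pc = NULL;` initialization in the tb_gen_code() hunk turns an uninitialized read into a defined value, but nothing in the hunk shows that the downstream consumer is prepared for NULL; the commit message says get_page_addr_code_hostp() returns -1 and "may not update" host_pc, so the underlying defect is that the failure path is not checked before host_pc is used. Consider either testing the -1 return before passing host_pc on to setjmp_gen_code(), or having get_page_addr_code_hostp() always store a value through its out-pointer so callers cannot observe a stale one, and state in the commit message why NULL is a safe value for the `-d in_asm` logging path (the case that crashed). As written, the change removes the undefined behaviour but leaves the "may not update" contract undocumented for other callers.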
