diff --git a/block-mirror-fix-Werror-maybe-uninitialized-false-po.patch b/block-mirror-fix-Werror-maybe-uninitialized-false-po.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b6554bd0a064cc8b9e42bc0b48d136e765be916a
--- /dev/null
+++ b/block-mirror-fix-Werror-maybe-uninitialized-false-po.patch
@@ -0,0 +1,35 @@
+From 452589397a664fb216fb527140a140d88f23191a Mon Sep 17 00:00:00 2001
+From: guping
+Date: Thu, 21 Aug 2025 07:07:53 +0000
+Subject: [PATCH] block/mirror: fix -Werror=maybe-uninitialized false-positive
+ cherry-pick from ba11c88d7a3b7c4d40afec4b84e0660815b2e2d7
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+../block/mirror.c:1066:22: error: ‘iostatus’ may be used uninitialized [-Werror=maybe-uninitialized]
+
+Signed-off-by: Marc-André Lureau
+Reviewed-by: Vladimir Sementsov-Ogievskiy
+
+Signed-off-by: guping
+---
+ block/mirror.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/block/mirror.c b/block/mirror.c
+index 20b3e8e5d8..2b48e6b09d 100644
+--- a/block/mirror.c
++++ b/block/mirror.c
+@@ -934,7 +934,7 @@ static int coroutine_fn mirror_run(Job *job, Error **errp)
+ MirrorBDSOpaque *mirror_top_opaque = s->mirror_top_bs->opaque;
+ BlockDriverState *target_bs = blk_bs(s->target);
+ bool need_drain = true;
+- BlockDeviceIoStatus iostatus;
++ BlockDeviceIoStatus iostatus = BLOCK_DEVICE_IO_STATUS__MAX;
+ int64_t length;
+ int64_t target_length;
+ BlockDriverInfo bdi;
+--
+2.33.0
+
diff --git a/hw-ahci-fix-Werror-maybe-uninitialized-false-positiv.patch b/hw-ahci-fix-Werror-maybe-uninitialized-false-positiv.patch
new file mode 100644
index 0000000000000000000000000000000000000000..25435ee36a5c7e5436c1c0424d1f6db3244ec3f6
--- /dev/null
+++ b/hw-ahci-fix-Werror-maybe-uninitialized-false-positiv.patch
@@ -0,0 +1,42 @@
+From 4d8c015cbe58fca5f562d3d94f14ba132a4c5d17 Mon Sep 17 00:00:00 2001
+From: guping
+Date: Thu, 21 Aug 2025 07:30:59 +0000
+Subject: [PATCH] hw/ahci: fix -Werror=maybe-uninitialized false-positive
+ cherry-pick from 7d6e63d982004abac0690e0ca57946fb330d2e70
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+../hw/ide/ahci.c:989:58: error: ‘tbl_entry_size’ may be used uninitialized [-Werror=maybe-uninitialized]
+
+Signed-off-by: Marc-André Lureau
+Reviewed-by: Manos Pitsidianakis
+
+Signed-off-by: guping
+---
+ hw/ide/ahci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
+index 8062e1743c..45b947bcfe 100644
+--- a/hw/ide/ahci.c
++++ b/hw/ide/ahci.c
+@@ -946,7 +946,6 @@ static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist,
+ uint64_t sum = 0;
+ int off_idx = -1;
+ int64_t off_pos = -1;
+- int tbl_entry_size;
+ IDEBus *bus = &ad->port;
+ BusState *qbus = BUS(bus);
+
+@@ -974,6 +973,7 @@ static int ahci_populate_sglist(AHCIDevice *ad, QEMUSGList *sglist,
+ /* Get entries in the PRDT, init a qemu sglist accordingly */
+ if (prdtl > 0) {
+ AHCI_SG *tbl = (AHCI_SG *)prdt;
++ int tbl_entry_size = 0;
+ sum = 0;
+ for (i = 0; i < prdtl; i++) {
+ tbl_entry_size = prdt_tbl_entry_size(&tbl[i]);
+--
+2.33.0
+
diff --git a/hw-qxl-fix-Werror-maybe-uninitialized-false-positive.patch b/hw-qxl-fix-Werror-maybe-uninitialized-false-positive.patch
new file mode 100644
index 0000000000000000000000000000000000000000..45c207721bbf2f972c54907436b8934ef724cf6d
--- /dev/null
+++ b/hw-qxl-fix-Werror-maybe-uninitialized-false-positive.patch
@@ -0,0 +1,38 @@
+From 04c25fbea849944f8062963ab18e4e97c30bca99 Mon Sep 17 00:00:00 2001
+From: guping
+Date: Thu, 21 Aug 2025 06:49:09 +0000
+Subject: [PATCH] hw/qxl: fix -Werror=maybe-uninitialized false-positives
+ cherry-pick from 0a0744f6d868fc2d809d8fac7d25dea2272a1105
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+../hw/display/qxl.c:1352:5: error: ‘pci_region’ may be used uninitialized [-Werror=maybe-uninitialized]
+../hw/display/qxl.c:1365:22: error: ‘pci_start’ may be used uninitialized [-Werror=maybe-uninitialized]
+
+Signed-off-by: Marc-André Lureau
+Reviewed-by: Manos Pitsidianakis
+
+Signed-off-by: guping
+---
+ hw/display/qxl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/hw/display/qxl.c b/hw/display/qxl.c
+index 7bb00d68f5..ea028a27f7 100644
+--- a/hw/display/qxl.c
++++ b/hw/display/qxl.c
+@@ -1301,8 +1301,8 @@ static int qxl_add_memslot(PCIQXLDevice *d, uint32_t slot_id, uint64_t delta,
+ };
+ uint64_t guest_start;
+ uint64_t guest_end;
+- int pci_region;
+- pcibus_t pci_start;
++ int pci_region = -1;
++ pcibus_t pci_start = PCI_BAR_UNMAPPED;
+ pcibus_t pci_end;
+ MemoryRegion *mr;
+ intptr_t virt_start;
+--
+2.33.0
+
diff --git a/hw-sdhci-fix-Werror-maybe-uninitialized-false-positi.patch b/hw-sdhci-fix-Werror-maybe-uninitialized-false-positi.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cf69b1d4a590dc2a5cf3d0b26286e8e6e340dfc3
--- /dev/null
+++ b/hw-sdhci-fix-Werror-maybe-uninitialized-false-positi.patch
@@ -0,0 +1,37 @@
+From 96f08733674735bc4017f8aee4bb4ad45e8d8bbb Mon Sep 17 00:00:00 2001
+From: guping
+Date: Thu, 21 Aug 2025 07:36:55 +0000
+Subject: [PATCH] hw/sdhci: fix -Werror=maybe-uninitialized false-positive
+ cherry-pick from ea34d1dd968956ec418c4278b39b6c44bb606d9c
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+../hw/sd/sdhci.c:846:16: error: ‘res’ may be used uninitialized [-Werror=maybe-uninitialized]
+
+False-positive, because "length" is non-null.
+
+Signed-off-by: Marc-André Lureau
+Reviewed-by: Alex Bennée
+
+Signed-off-by: guping
+---
+ hw/sd/sdhci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
+index e95ea34895..b55dbbb414 100644
+--- a/hw/sd/sdhci.c
++++ b/hw/sd/sdhci.c
+@@ -747,7 +747,7 @@ static void sdhci_do_adma(SDHCIState *s)
+ const uint16_t block_size = s->blksize & BLOCK_SIZE_MASK;
+ const MemTxAttrs attrs = { .memory = true };
+ ADMADescr dscr = {};
+- MemTxResult res;
++ MemTxResult res = MEMTX_ERROR;
+ int i;
+
+ if (s->trnmod & SDHC_TRNS_BLK_CNT_EN && !s->blkcnt) {
+--
+2.33.0
+
diff --git a/migration-fix-Werror-maybe-uninitialized-false-posit.patch b/migration-fix-Werror-maybe-uninitialized-false-posit.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ad567b5154f430d89c2a52b40a2ccd54b54e5444
--- /dev/null
+++ b/migration-fix-Werror-maybe-uninitialized-false-posit.patch
@@ -0,0 +1,37 @@
+From 44c3dc67e16e6e5d814fb50e3f1056f8784d69fc Mon Sep 17 00:00:00 2001
+From: guping
+Date: Thu, 21 Aug 2025 07:52:59 +0000
+Subject: [PATCH] migration: fix -Werror=maybe-uninitialized false-positive
+ cherry-pick from 85f99eb2cb9100dcabb43e9380811040e88642d8
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+../migration/ram.c:1873:23: error: ‘dirty’ may be used uninitialized [-Werror=maybe-uninitialized]
+
+When 'block' != NULL, 'dirty' is initialized.
+
+Signed-off-by: Marc-André Lureau
+Acked-by: Peter Xu
+
+Signed-off-by: guping
+---
+ migration/ram.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/migration/ram.c b/migration/ram.c
+index e6baecf143..028b1ebb6e 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -1956,7 +1956,7 @@ static bool get_queued_page(RAMState *rs, PageSearchStatus *pss)
+ {
+ RAMBlock *block;
+ ram_addr_t offset;
+- bool dirty;
++ bool dirty = false;
+
+ do {
+ block = unqueue_page(rs, &offset);
+--
+2.33.0
+
diff --git a/nbd-fix-Werror-maybe-uninitialized-false-positive.patch b/nbd-fix-Werror-maybe-uninitialized-false-positive.patch
new file mode 100644
index 0000000000000000000000000000000000000000..89ac9e5a014c7570bed20d804bf697ac8ca7f32e
--- /dev/null
+++ b/nbd-fix-Werror-maybe-uninitialized-false-positive.patch
@@ -0,0 +1,35 @@
+From 9db2be4f194626aef533e7050d7fe7151cda175e Mon Sep 17 00:00:00 2001
+From: guping
+Date: Thu, 21 Aug 2025 06:51:33 +0000
+Subject: [PATCH] nbd: fix -Werror=maybe-uninitialized false-positive
+ cherry-pick from 73ce9bbf8a5242e2d1da76cca7ef031315cad721
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+../nbd/client-connection.c:419:8: error: ‘wait_co’ may be used uninitialized [-Werror=maybe-uninitialized]
+
+Signed-off-by: Marc-André Lureau
+Reviewed-by: Eric Blake
+
+Signed-off-by: guping
+---
+ nbd/client-connection.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/nbd/client-connection.c b/nbd/client-connection.c
+index f9da67c87e..b11e266807 100644
+--- a/nbd/client-connection.c
++++ b/nbd/client-connection.c
+@@ -410,7 +410,7 @@ nbd_co_establish_connection(NBDClientConnection *conn, NBDExportInfo *info,
+ */
+ void nbd_co_establish_connection_cancel(NBDClientConnection *conn)
+ {
+- Coroutine *wait_co;
++ Coroutine *wait_co = NULL;
+
+ WITH_QEMU_LOCK_GUARD(&conn->mutex) {
+ wait_co = g_steal_pointer(&conn->wait_co);
+--
+2.33.0
+
diff --git a/qemu-img-improve-queue-depth-validation-in-img_bench.patch b/qemu-img-improve-queue-depth-validation-in-img_bench.patch
new file mode 100644
index 0000000000000000000000000000000000000000..718751c5b3ddb90e64e5b9b2cb3b3bf3ab3268b0
--- /dev/null
+++ b/qemu-img-improve-queue-depth-validation-in-img_bench.patch
@@ -0,0 +1,35 @@
+From 7fe8276cb06131266495f0a7bebbcfa1d295283b Mon Sep 17 00:00:00 2001
+From: dinglimin
+Date: Thu, 21 Aug 2025 11:17:35 +0800
+Subject: [PATCH] qemu-img: improve queue depth validation in img_bench
+
+This error was discovered by fuzzing qemu-img.
+
+Currently, running `qemu-img bench -d 0` in img_bench is allowed,
+which is a pointless operation and causes qemu-img to hang.
+
+Signed-off-by: Denis Rastyogin
+Message-ID: <20250327162423.25154-5-gerben@altlinux.org>
+Reviewed-by: Kevin Wolf
+Signed-off-by: Kevin Wolf
+Signed-off-by: dinglimin
+---
+ qemu-img.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/qemu-img.c b/qemu-img.c
+index 49d914c9c4..ca202e2b6f 100644
+--- a/qemu-img.c
++++ b/qemu-img.c
+@@ -4601,7 +4601,7 @@ static int img_bench(int argc, char **argv)
+ {
+ unsigned long res;
+
+- if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res > INT_MAX) {
++ if (qemu_strtoul(optarg, NULL, 0, &res) <= 0 || res > INT_MAX) {
+ error_report("Invalid queue depth specified");
+ return 1;
+ }
+--
+2.33.0
+
diff --git a/qemu.spec b/qemu.spec
index 1118f3bb9908e8af03c32ace28518ab6e25e0700..f67cfd6c50c4db1d9f74fb06f5ea7f53c7b79176 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -3,7 +3,7 @@
 Name: qemu
 Version: 8.2.0
-Release: 42
+Release: 43
 Epoch: 11
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
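Review bot: The new condition in the qemu-img.c hunk, `if (qemu_strtoul(optarg, NULL, 0, &res) <= 0 || res > INT_MAX) {`, rejects every queue depth rather than only 0, because qemu_strtoul, like the other qemu_strto* helpers, reports success by returning 0 and failure by a negative errno value, so `<= 0` is also true after a successful parse. The zero check that the commit message describes belongs on the parsed value: `if (qemu_strtoul(optarg, NULL, 0, &res) < 0 || res == 0 || res > INT_MAX) {`. As written, any `-d` value would print "Invalid queue depth specified" and exit, which a single `qemu-img bench -d 1` run against the patched build would show. Unlike the other patches in this series, this one carries no `cherry-pick from` reference, so the condition cannot be compared with the upstream commit from the page alone. img_bench continues outside the hunk.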
@@ -1028,6 +1028,14 @@ Patch1011: amd_iommu-Use-correct-bitmask-to-set-capability-BAR.patch
 Patch1012: amd_iommu-Use-correct-DTE-field-for-interrupt-passth.patch
 Patch1013: tcg-Reset-data_gen_ptr-correctly.patch
 Patch1014: hw-virtio-fix-Werror-maybe-uninitialized.patch
+Patch1015: util-timer-fix-Werror-maybe-uninitialized-false-posi.patch
+Patch1016: hw-qxl-fix-Werror-maybe-uninitialized-false-positive.patch
+Patch1017: nbd-fix-Werror-maybe-uninitialized-false-positive.patch
+Patch1018: block-mirror-fix-Werror-maybe-uninitialized-false-po.patch
+Patch1019: hw-ahci-fix-Werror-maybe-uninitialized-false-positiv.patch
+Patch1020: hw-sdhci-fix-Werror-maybe-uninitialized-false-positi.patch
+Patch1021: migration-fix-Werror-maybe-uninitialized-false-posit.patch
+Patch1022: qemu-img-improve-queue-depth-validation-in-img_bench.patch
 BuildRequires: flex
 BuildRequires: gcc
@@ -1630,6 +1638,16 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
+* Thu Aug 28 2025 Pengrui Zhang - 11:8.2.0-43
+- util/timer: fix -Werror=maybe-uninitialized false-positive
+- hw/qxl: fix -Werror=maybe-uninitialized false-positives
+- nbd: fix -Werror=maybe-uninitialized false-positive
+- block/mirror: fix -Werror=maybe-uninitialized false-positive
+- hw/ahci: fix -Werror=maybe-uninitialized false-positive
+- hw/sdhci: fix -Werror=maybe-uninitialized false-positive
+- migration: fix -Werror=maybe-uninitialized false-positive
+- qemu-img: improve queue depth validation in img_bench
+
 * Wed Aug 27 2025 Pengrui Zhang - 11:8.2.0-42
 - migration: show error message when postcopy fails
 - docs/about/emulation: Fix broken link
diff --git a/util-timer-fix-Werror-maybe-uninitialized-false-posi.patch b/util-timer-fix-Werror-maybe-uninitialized-false-posi.patch
new file mode 100644
index 0000000000000000000000000000000000000000..127cbbd6d904b7632d07a8675247e2ba0f44bf72
--- /dev/null
+++ b/util-timer-fix-Werror-maybe-uninitialized-false-posi.patch
@@ -0,0 +1,54 @@
+From 44e5ec047afd9dd12b843e76075222f2be9666f9 Mon Sep 17 00:00:00 2001
+From: guping
+Date: Thu, 21 Aug 2025 06:41:19 +0000
+Subject: [PATCH] util/timer: fix -Werror=maybe-uninitialized false-positive
+ cherry-pick from 5491295fa5da5e424f0972ddf709412197020747
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+../util/qemu-timer.c:198:24: error: ‘expire_time’ may be used uninitialized [-Werror=maybe-uninitialized]
+../util/qemu-timer.c:476:8: error: ‘rearm’ may be used uninitialized [-Werror=maybe-uninitialized]
+
+Signed-off-by: Marc-André Lureau
+Reviewed-by: Manos Pitsidianakis
+
+Signed-off-by: guping
+---
+ util/qemu-timer.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/util/qemu-timer.c b/util/qemu-timer.c
+index dc891cc557..cd1b3b83f4 100644
+--- a/util/qemu-timer.c
++++ b/util/qemu-timer.c
+@@ -251,7 +251,7 @@ bool qemu_clock_has_timers(QEMUClockType type)
+
+ bool timerlist_expired(QEMUTimerList *timer_list)
+ {
+- int64_t expire_time;
++ int64_t expire_time = 0;
+
+ if (!qatomic_read(&timer_list->active_timers)) {
+ return false;
+@@ -281,7 +281,7 @@ bool qemu_clock_expired(QEMUClockType type)
+ int64_t timerlist_deadline_ns(QEMUTimerList *timer_list)
+ {
+ int64_t delta;
+- int64_t expire_time;
++ int64_t expire_time = 0;
+
+ if (!qatomic_read(&timer_list->active_timers)) {
+ return -1;
+@@ -530,7 +530,7 @@ void timer_mod_ns(QEMUTimer *ts, int64_t expire_time)
+ void timer_mod_anticipate_ns(QEMUTimer *ts, int64_t expire_time)
+ {
+ QEMUTimerList *timer_list = ts->timer_list;
+- bool rearm;
++ bool rearm = false;
+
+ WITH_QEMU_LOCK_GUARD(&timer_list->active_timers_lock) {
+ if (ts->expire_time == -1 || ts->expire_time > expire_time) {
+--
+2.33.0
+