[Qemu-devel] qapi-commands.py generates code that uses uninitialized variables

[Peter Maydell]

This is something clang's -fsanitize=undefined spotted. The
code generated by qapi-commands.py in qmp-marshal.c for
qmp_marshal_* functions where there are some optional
arguments looks like this:

    bool has_force = false;
    bool force;

    mi = qmp_input_visitor_new_strict(QOBJECT(args));
    v = qmp_input_get_visitor(mi);
    visit_type_str(v, &device, "device", errp);
    visit_start_optional(v, &has_force, "force", errp);
    if (has_force) {
        visit_type_bool(v, &force, "force", errp);
    }
    visit_end_optional(v, errp);
    qmp_input_visitor_cleanup(mi);

    if (error_is_set(errp)) {
        goto out;
    }
    qmp_eject(device, has_force, force, errp);

In the case where has_force is false, we never initialize
force, but then we use it by passing it to qmp_eject.
I imagine we don't then actually use the value, but clang
complains in particular for 'bool' variables because the value
that ends up being loaded from memory for 'force' is not either
0 or 1 (being uninitialized stack contents).

Anybody understand what the codegenerator is doing well enough
to suggest a fix? I'd guess that just initializing the variable either
at point of declaration or in an else {) clause of the 'if (has_force)'
conditional would suffice, but presumably you need to handle
all the possible data types...

thanks
-- PMM