The 'taddr' variable is left uninitialized, being set only inside the "while ((lev--) >= 0)" loop where we get the TCE address. The 'lev' var is an int32_t that is being initialized by the GETFIELD() macro, which returns a uint64_t.

For a human reader this means that 'lev' will always be positive or zero. But some compilers may beg to differ. 'lev' being an int32_t can in theory be set as negative, and the "while ((lev--) >= 0)" loop might never be reached, and 'taddr' will be left uninitialized. This can cause phb3_error() to use 'taddr' uninitialized down below:

    if ((is_write & !(tce & 2)) || ((!is_write) && !(tce & 1))) {
        phb3_error(phb, "TCE access fault at 0x%"PRIx64, taddr);

Setting 'taddr' to the top level base address will make compilers happy.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/573
Signed-off-by: Daniel Henrique Barboza <danielhb...@gmail.com>
---
 hw/pci-host/pnv_phb3.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/hw/pci-host/pnv_phb3.c b/hw/pci-host/pnv_phb3.c
index 7fb35dc031..617d42c5a0 100644
--- a/hw/pci-host/pnv_phb3.c
+++ b/hw/pci-host/pnv_phb3.c
@@ -788,6 +788,17 @@ static void pnv_phb3_translate_tve(PnvPhb3DMASpace *ds, hwaddr addr,
     /* Top level table base address */
     base = tta << 12;
 
+    /*
+     * Some compilers will complain that the "TCE access fault"
+     * phb3_error() down below will use 'taddr' uninitialized
+     * because, in theory, the loop that sets 'taddr' is skippable
+     * due to 'lev' being an signed int.
+     *
+     * Setting 'taddr 'to the base address will bring piece of mind
+     * to such compilers.
+     */
+    taddr = base;
+
     /* Total shift to first level */
     sh = tbl_shift * lev + tce_shift;
-- 
2.34.1
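Review bot: Initializing 'taddr = base' only silences the warning; if the "while ((lev--) >= 0)" loop really can be skipped because 'lev' is negative, the "TCE access fault at 0x%"PRIx64 message will then print the top-level table base rather than a TCE address, and 'tce' keeps whatever it was initialized to before the loop. Either say so in the added comment (that 'taddr == base' in the fault message means no level was walked) or reject a negative 'lev' explicitly before the loop, which is the more honest fix given that the commit message itself says the value comes from a uint64_t GETFIELD() narrowed to int32_t. Note that making 'lev' unsigned is not an alternative here, since "(lev--) >= 0" would then never be false. Also, the comment has three typos: "an signed int" should be "a signed int", "'taddr 'to" should be "'taddr' to", and "piece of mind" should be "peace of mind".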
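To make the failure mode in the commit message concrete, here is an added example (not QEMU's code): a hypothetical, simplified model of the multi-level TCE walk with the same loop shape, the same permission test and the same 'taddr = base' initialization as the patch. The table layout, the 3-bit table index, the 4 KiB TCE page, the fake guest memory and the DMA address used are all constructed for the example. It shows the normal read and write-fault paths, and what the fault path reports when 'lev' is negative and the loop body never runs.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this model; the real PHB3 code derives these from the TVE. */
#define TBL_SHIFT 3              /* 8 entries per table level */
#define TCE_SHIFT 12             /* 4 KiB TCE pages */
#define MEM_WORDS 2048           /* constructed guest memory: 2048 x u64 = 16 KiB */

/* Constructed guest memory holding the tables; index is byte address / 8. */
static uint64_t mem[MEM_WORDS];

/* Stand-in for dma_memory_read() of one TCE; returns true on failure. */
static bool read_tce(uint64_t taddr, uint64_t *tce)
{
    uint64_t idx = taddr >> 3;
    if (idx >= MEM_WORDS) {
        return true;
    }
    *tce = mem[idx];
    return false;
}

/*
 * Walk 'lev'+1 table levels from 'base' for DMA address 'addr', with the same
 * loop shape as pnv_phb3_translate_tve(). Returns 0 and the translated address
 * in *out on success, or a non-zero code for the error the real code would
 * report through phb3_error(); *taddr_out is the address that message prints.
 */
static int tce_walk(uint64_t base, int32_t lev, uint64_t addr, bool is_write,
                    uint64_t *out, uint64_t *taddr_out)
{
    uint64_t tce = 0;
    /* The patch's initialization: without it, a negative 'lev' skips the loop
     * and the fault path below reads an indeterminate 'taddr'. */
    uint64_t taddr = base;
    int sh = TBL_SHIFT * lev + TCE_SHIFT;   /* total shift to first level */

    while ((lev--) >= 0) {
        taddr = base | (((addr >> sh) & ((1ull << TBL_SHIFT) - 1)) << 3);
        if (read_tce(taddr, &tce)) {
            *taddr_out = taddr;
            return 1;                       /* "Failed to read TCE" */
        }
        if (lev >= 0 && !(tce & 3)) {
            *taddr_out = taddr;
            return 2;                       /* "Invalid indirect TCE" */
        }
        sh -= TBL_SHIFT;
        base = tce & ~0xfffull;
    }

    /* Same permission test as the one quoted in the commit message. */
    if ((is_write && !(tce & 2)) || (!is_write && !(tce & 1))) {
        *taddr_out = taddr;                 /* == base if the loop never ran */
        return 3;                           /* "TCE access fault" */
    }
    *out = (tce & ~0xfffull) | (addr & 0xfff);
    return 0;
}

/*
 * Constructed two-level table: top-level table at 0x2000, leaf table at
 * 0x1000. DMA address 0x9234 selects index 1 at both levels and maps to
 * page 0x5000 with read-only permission (bit 0 set, bit 1 clear).
 */
static void build_tables(void)
{
    for (int i = 0; i < MEM_WORDS; i++) {
        mem[i] = 0;
    }
    mem[(0x2000 >> 3) + 1] = 0x1000 | 3;    /* top[1]: indirect, r+w bits set */
    mem[(0x1000 >> 3) + 1] = 0x5000 | 1;    /* leaf[1]: page 0x5000, read-only */
}

int main(void)
{
    uint64_t out = 0, taddr = 0;
    int rc;

    build_tables();
    rc = tce_walk(0x2000, 1, 0x9234, false, &out, &taddr);
    printf("read  : rc=%d out=0x%" PRIx64 "\n", rc, out);
    rc = tce_walk(0x2000, 1, 0x9234, true, &out, &taddr);
    printf("write : rc=%d fault at 0x%" PRIx64 "\n", rc, taddr);
    rc = tce_walk(0x2000, -1, 0x9234, false, &out, &taddr);
    printf("lev<0 : rc=%d fault at 0x%" PRIx64 " (the table base, no level walked)\n",
           rc, taddr);
    return 0;
}
```

The third call is the case the patch is about: with the initialization, the fault message carries the table base (0x2000) and the walk fails closed on 'tce == 0'; without it, the printed address would be whatever happened to be on the stack.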