Description of problem:
We compile a big code project (QEMU), and when executing this code, on rare occasions we get an illegal result from a bitwise operation on a bool variable type.
We have a structure which contains a bool variable.
If this field contains a value which is higher than 1, the result of the bitwise operation on this field is illegal.
For example:
if the value of this field is 0x7fff, the result of the following bitmap operation is 0xff:
(structure->bool_variable & 0x1)
This is a bug, since only the LSB could be a value other than zero (the rest of the bits are masked).
Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 7.0 (Maipo)
gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC)
How reproducible:
This is the structure:
typedef struct MLX5WQ {
    uint8_t wq_type;
    bool wq_signature;
    uint8_t end_padding_mode;
    bool cd_slave;
If cd_slave contains the value 0x7cff,
the following statement ends with an illegal value (0xff):
(structure->bool_variable & 0x1)
However, I failed to reproduce it in a smaller program.
Steps to Reproduce:
1.
2.
3.
Actual results:
0xff
Expected results:
0x1
Additional info:
1) If I clear this field (i.e. put zero), I don't see this bug
2) If I change this variable type to "int", it seems that this bug disappears
3) I tried to reproduce this bug in a standalone program or in a simple flow, and it doesn't happen; this bug occurs in a specific flow within the program.
If a bool field contains a value other than 0 or 1, the behavior is undefined.
You could e.g. try -fsanitize=undefined, which would likely flag that as an error.
Hi.
Thank you for the quick response.
If the variable isn't initialized, I can't control its content;
is there any solution to this scenario?
Thanks
Dotan
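For the uninitialized-field case asked about above, an added example (not code from this report or from QEMU): initialize the struct when it is created, and where bytes of unknown origin must be accepted, inspect the bool's storage as an unsigned char and rewrite it to 0 or 1 before anything reads it as a bool. struct wq_example and all helper names are hypothetical, and a one-byte bool is assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

_Static_assert(sizeof(bool) == 1, "example assumes a one-byte bool");

/* Hypothetical stand-in for the four fields shown in the report. */
struct wq_example {
    uint8_t wq_type;
    bool    wq_signature;
    uint8_t end_padding_mode;
    bool    cd_slave;
};

/* Inspect a bool's storage as a byte; never loads it as a bool. */
static unsigned char bool_raw(const void *field) {
    unsigned char raw;
    memcpy(&raw, field, 1);
    return raw;
}

/* Rewrite one bool field to 0 or 1. Returns 1 if it held another value. */
static int bool_normalize(bool *field) {
    unsigned char raw = bool_raw(field);
    *field = (raw != 0);          /* a store only; the old value is not read as bool */
    return raw > 1;
}

/* Normalize every bool in the struct; returns how many were invalid. */
int wq_sanitize(struct wq_example *wq) {
    return bool_normalize(&wq->wq_signature) + bool_normalize(&wq->cd_slave);
}

/* Constructed input: 0xff bytes stand in for uninitialized memory. */
int demo_mask_after_sanitize(void) {
    struct wq_example wq;
    memset(&wq, 0xff, sizeof wq);
    wq_sanitize(&wq);
    return wq.cd_slave & 0x1;     /* defined now: the field holds 0 or 1 */
}

int main(void) {
    struct wq_example zeroed = {0};   /* preferred fix: initialize at creation */
    printf("repaired=%d masked=%d\n", wq_sanitize(&zeroed), demo_mask_after_sanitize());
    return 0;
}
```

Building the real code with -fsanitize=undefined, as suggested in the reply above, is the way to locate the loads that still read an invalid bool.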