From: Richard Henderson
To: qemu-devel@nongnu.org
Cc: bruno@clisp.org, aurelien@aurel32.net
Date: Wed, 5 Jul 2017 14:23:59 -1000
Message-Id: <20170706002401.10507-10-rth@twiddle.net>
In-Reply-To: <20170706002401.10507-1-rth@twiddle.net>
References: <20170706002401.10507-1-rth@twiddle.net>
Subject: [Qemu-devel] [PATCH 09/11] target/sh4: Avoid a potential translator crash for malformed FPR64

Produce valid, but nonsensical, code given an odd register index.

Signed-off-by: Richard Henderson
---
 target/sh4/translate.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/target/sh4/translate.c b/target/sh4/translate.c index 05657a9..7f015c3 100644 --- a/target/sh4/translate.c +++ b/target/sh4/translate.c 
@@ -359,14 +359,18 @@ static void gen_delayed_conditional_jump(DisasContext= * ctx) gen_jump(ctx); } =20 -static inline void gen_load_fpr64(DisasContext *ctx, TCGv_i64 t, int reg) +/* Assumes lsb of (x) is always 0. */ +/* ??? Should the translator should signal an invalid opc? + In the meantime, using OR instead of PLUS to form the index of the + low register means we can't crash the translator for REG=3D=3D15. */ +static void gen_load_fpr64(DisasContext *ctx, TCGv_i64 t, int reg) { - tcg_gen_concat_i32_i64(t, cpu_fregs[reg + 1], cpu_fregs[reg]); + tcg_gen_concat_i32_i64(t, cpu_fregs[reg | 1], cpu_fregs[reg]); } =20 -static inline void gen_store_fpr64(DisasContext *ctx, TCGv_i64 t, int reg) +static void gen_store_fpr64(DisasContext *ctx, TCGv_i64 t, int reg) { - tcg_gen_extr_i64_i32(cpu_fregs[reg + 1], cpu_fregs[reg], t); + tcg_gen_extr_i64_i32(cpu_fregs[reg | 1], cpu_fregs[reg], t); } =20 #define B3_0 (ctx->opcode & 0xf) @@ -385,7 +389,6 @@ static inline void gen_store_fpr64(DisasContext *ctx, T= CGv_i64 t, int reg) #define FREG(x) cpu_fregs[ctx->tbflags & FPSCR_FR ? (x) ^ 0x10 : (x)] #define XHACK(x) ((((x) & 1 ) << 4) | ((x) & 0xe)) #define XREG(x) FREG(XHACK(x)) -/* Assumes lsb of (x) is always 0 */ #define DREG(x) (ctx->tbflags & FPSCR_FR ? (x) ^ 0x10 : (x)) =20 #define CHECK_NOT_DELAY_SLOT \ --=20 2.9.4
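
Review bot: In the first hunk, the new comment above gen_load_fpr64 leaves the handling of a malformed encoding as an open question ("??? Should the translator should signal an invalid opc?", which also has a doubled "should"), and with `reg | 1` an odd `reg` makes both operands `cpu_fregs[reg]`, so gen_load_fpr64 and gen_store_fpr64 silently emit code that uses one register for both halves. I would either reject the odd index at decode time through the target's illegal-instruction path, or say in the comment that the result for odd indices is deliberately unspecified, so the question does not stay open in the tree. Dropping `inline` from both functions is not mentioned in the commit message; a word on why would help.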
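
Review bot: In the second hunk, removing `/* Assumes lsb of (x) is always 0 */` from above DREG leaves the macro with no note that it passes an odd `x` through unchanged, while the relocated copy above gen_load_fpr64 still says `(x)` although that function's parameter is named `reg`. Suggest rewording the moved comment to refer to `reg`, and keeping a short pointer at DREG to the fpr64 helpers so that someone reading the macro still sees the assumption.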