haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

target/xtensa: avoid integer overflow in next_page PC check

Browse source 
If the PC is in the last page of the address space, next_page_start
overflows to 0. Fix it.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Max Filippov <jcmvbkbc@gmail.com>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This commit is contained in:
Emilio G. Cota 2018-04-10 10:47:12 -04:00 committed by Richard Henderson
parent 4302303d3c
commit 4e8b44b6c2
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
target/xtensa/translate.c
View file

@ -1061,8 +1061,7 @@ void gen_intermediate_code(CPUState *cs, TranslationBlock *tb)
int insn_count = 0;
int max_insns = tb_cflags(tb) & CF_COUNT_MASK;
uint32_t pc_start = tb->pc;
uint32_t next_page_start =
(pc_start & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE;
uint32_t page_start = pc_start & TARGET_PAGE_MASK;
if (max_insns == 0) {
max_insns = CF_COUNT_MASK;
@ -1162,9 +1161,9 @@ void gen_intermediate_code(CPUState *cs, TranslationBlock *tb)
}
} while (dc.is_jmp == DISAS_NEXT &&
insn_count < max_insns &&
dc.pc < next_page_start &&
dc.pc + xtensa_insn_len(env, &dc) <= next_page_start &&
!tcg_op_buf_full());
dc.pc - page_start < TARGET_PAGE_SIZE &&
dc.pc - page_start + xtensa_insn_len(env, &dc) <= TARGET_PAGE_SIZE
&& !tcg_op_buf_full());
done:
reset_sar_tracker(&dc);
if (dc.icount) {