fix some oss-fuzz (#1189)

* fix oss-fuzz 10419. * fix oss-fuzz 10427. * fix oss-fuzz 10421. * fix oss-fuzz 10422. * fix oss-fuzz 10425. * fix oss-fuzz 10426. * fix oss-fuzz 10426. * fix oss-fuzz 10422. * fix oss-fuzz 10426. * fix oss-fuzz 10456. * fix oss-fuzz 10428. * fix oss-fuzz 10429. * fix oss-fuzz 10431. * fix oss-fuzz 10435. * fix oss-fuzz 10430. * fix oss-fuzz 10436. * remove unused var. * fix oss-fuzz 10449. * fix oss-fuzz 10452. * fix oss-fuzz 11792. * fix oss-fuzz 10457. * fix oss-fuzz 11737. * fix oss-fuzz 10458. * fix oss-fuzz 10565. * fix oss-fuzz 11651. * fix oss-fuzz 10497. * fix oss-fuzz 10515. * fix oss-fuzz 10586. * fix oss-fuzz 10597. * fiz oss-fuzz 11721. * fix oss-fuzz 10718. * fix oss-fuzz 15610. * fix oss-fuzz 10512. * fix oss-fuzz 10545. * fix oss-fuzz 10598. * fix oss-fuzz 11112. * fix oss-fuzz 11589. * fix oss-fuzz 10674. * git fix oss-fuzz 19610. * fix oss-fuzz 19848. * fix oss-fuzz 19851. * fix oss-fuzz 19852. * fix oss-fuzz 10878. * fix oss-fuzz 11655. * fix oss-fuzz 19849. * fix oss-fuzz 11765. * fix oss-fuzz 10337. * fix oss-fuzz 10575. * fix oss-fuzz 19877. * fix oss-fuzz 19895. * fix oss-fuzz 19896. * fix oss-fuzz 19897. * remove verbose fprintf output. * fix oss-fuzz 19943. * fix oss-fuzz 20026. * fix oss-fuzz 20027. * fix oss-fuzz 19967. * fix oss-fuzz 19946. * fix oss-fuzz 20069. * fix oss-fuzz 20071. * fix oss-fuzz 20073. * fix oss-fuzz 20075. * fix oss-fuzz 20076.
2020-01-15 22:18:00 +08:00 · 2020-01-15 22:18:00 +08:00 · 2776bc1db7
commit 2776bc1db7
parent ec2e454481
5 changed files with 13 additions and 13 deletions
--- a/qemu/fpu/softfloat.c
+++ b/qemu/fpu/softfloat.c
@ -183,7 +183,7 @@ static int64 roundAndPackInt64( flag zSign, uint64_t absZ0, uint64_t absZ1 STATU
        absZ0 &= ~ ( ( (uint64_t) ( absZ1<<1 ) == 0 ) & roundNearestEven );
    }
    z = absZ0;
-    if ( zSign ) z = - z;
+    if ( zSign && z != 0x8000000000000000ULL ) z = - z;
    if ( z && ( ( z < 0 ) ^ zSign ) ) {
 overflow:
        float_raise( float_flag_invalid STATUS_VAR);
@ -1243,7 +1243,7 @@ floatx80 int32_to_floatx80(int32_t a STATUS_PARAM)

    if ( a == 0 ) return packFloatx80( 0, 0, 0 );
    zSign = ( a < 0 );
-    absA = zSign ? - a : a;
+    absA = (zSign && a != 0x80000000) ? - a : a;
    shiftCount = countLeadingZeros32( absA ) + 32;
    zSig = absA;
    return packFloatx80( zSign, 0x403E - shiftCount, zSig<<shiftCount );
--- a/qemu/target-arm/translate-a64.c
+++ b/qemu/target-arm/translate-a64.c
@ -5661,7 +5661,7 @@ static void handle_simd_dupg(DisasContext *s, int is_q, int rd, int rn,
                             int imm5)
 {
    int size = ctz32(imm5);
-    int esize = 8 << size;
+    int esize = 8 << (size & 0x1f);
    int elements = (is_q ? 128 : 64)/esize;
    int i = 0;

--- a/qemu/target-i386/ops_sse.h
+++ b/qemu/target-i386/ops_sse.h
@ -1489,7 +1489,7 @@ void glue(helper_phsubsw, SUFFIX)(CPUX86State *env, Reg *d, Reg *s)

 #define FABSB(_, x) (x > INT8_MAX  ? -(int8_t)x : x)
 #define FABSW(_, x) (x > INT16_MAX ? -(int16_t)x : x)
-#define FABSL(_, x) (x > INT32_MAX ? -(int32_t)x : x)
+#define FABSL(_, x) ((x > INT32_MAX && x != 0x80000000) ? -(int32_t)x : x)
 SSE_HELPER_B(helper_pabsb, FABSB)
 SSE_HELPER_W(helper_pabsw, FABSW)
 SSE_HELPER_L(helper_pabsd, FABSL)
--- a/qemu/target-mips/translate.c
+++ b/qemu/target-mips/translate.c
@ -8528,7 +8528,7 @@ static inline void gen_movcf_s (DisasContext *ctx, int fs, int fd, int cc, int t
    else
        cond = TCG_COND_NE;

-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1 << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
    tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
    gen_load_fpr32(ctx, t0, fs);
    gen_store_fpr32(ctx, t0, fd);
@ -8549,7 +8549,7 @@ static inline void gen_movcf_d (DisasContext *ctx, int fs, int fd, int cc, int t
    else
        cond = TCG_COND_NE;

-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1 << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
    tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
    tcg_temp_free_i32(tcg_ctx, t0);
    fp0 = tcg_temp_new_i64(tcg_ctx);
@ -8573,13 +8573,13 @@ static inline void gen_movcf_ps(DisasContext *ctx, int fs, int fd,
    else
        cond = TCG_COND_NE;

-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1 << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
    tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
    gen_load_fpr32(ctx, t0, fs);
    gen_store_fpr32(ctx, t0, fd);
    gen_set_label(tcg_ctx, l1);

-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1 << get_fp_bit(cc+1));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc+1));
    tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l2);
    gen_load_fpr32h(ctx, t0, fs);
    gen_store_fpr32h(ctx, t0, fd);
@ -18796,7 +18796,7 @@ static void decode_opc (CPUMIPSState *env, DisasContext *ctx, bool *insn_need_pa
         check_insn_opc_removed(ctx, ISA_MIPS32R6);
    case OPC_BEQ:
    case OPC_BNE:
-         gen_compute_branch(ctx, op, 4, rs, rt, imm << 2, 4);
+         gen_compute_branch(ctx, op, 4, rs, rt, (uint16_t)imm << 2, 4);
         break;
    case OPC_LWL: /* Load and stores */
    case OPC_LWR:
--- a/qemu/target-sparc/translate.c
+++ b/qemu/target-sparc/translate.c
@ -2668,7 +2668,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn, bool hook_ins
                    target = GET_FIELD_SP(insn, 0, 13) |
                        (GET_FIELD_SP(insn, 20, 21) << 14);
                    target = sign_extend(target, 16);
-                    target <<= 2;
+                    target = (int32_t)((uint32_t)target << 2);
                    cpu_src1 = get_src1(dc, insn);
                    do_branch_reg(dc, target, insn, cpu_src1);
                    goto jmp_insn;
@ -2681,7 +2681,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn, bool hook_ins
                    }
                    target = GET_FIELD_SP(insn, 0, 18);
                    target = sign_extend(target, 19);
-                    target <<= 2;
+                    target = (int32_t)((uint32_t)target << 2);
                    do_fbranch(dc, target, insn, cc);
                    goto jmp_insn;
                }
@ -2695,7 +2695,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn, bool hook_ins
                {
                    target = GET_FIELD(insn, 10, 31);
                    target = sign_extend(target, 22);
-                    target <<= 2;
+                    target = (int32_t)((uint32_t)target << 2);
                    do_branch(dc, target, insn, 0);
                    goto jmp_insn;
                }
@ -2706,7 +2706,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn, bool hook_ins
                    }
                    target = GET_FIELD(insn, 10, 31);
                    target = sign_extend(target, 22);
-                    target <<= 2;
+                    target = (int32_t)((uint32_t)target << 2);
                    do_fbranch(dc, target, insn, 0);
                    goto jmp_insn;
                }