fix some oss-fuzz bugs (#1180)

* fix oss-fuzz 10419.

* fix oss-fuzz 10427.

* fix oss-fuzz 10421.

* fix oss-fuzz 10422.

* fix oss-fuzz 10425.

* fix oss-fuzz 10426.

* fix oss-fuzz 10426.

* fix oss-fuzz 10422.

* fix oss-fuzz 10426.

* fix oss-fuzz 10456.

* fix oss-fuzz 10428.

* fix oss-fuzz 10429.

* fix oss-fuzz 10431.

* fix oss-fuzz 10435.

* fix oss-fuzz 10430.

* fix oss-fuzz 10436.

* remove unused var.
Chen Huitao 2020-01-04 23:42:02 +08:00 committed by Nguyen Anh Quynh
parent 99097cab4c
commit 68eb357984
8 changed files with 17 additions and 17 deletions


@ -668,7 +668,7 @@ static void
{ {
int8 shiftCount; int8 shiftCount;
shiftCount = countLeadingZeros64( aSig ); shiftCount = countLeadingZeros64( aSig ) & 0x3f;
*zSigPtr = aSig<<shiftCount; *zSigPtr = aSig<<shiftCount;
*zExpPtr = 1 - shiftCount; *zExpPtr = 1 - shiftCount;
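Review bot: The `& 0x3f` added on the countLeadingZeros64 line turns the one input that could make the shift undefined, aSig == 0 (count 64), into a silent shift by 0 with *zExpPtr = 1, so a caller that violates the nonzero-significand contract now gets a wrong normalization instead of a sanitizer report. The intent should be stated on that line so the mask is not mistaken for input validation: `/* aSig != 0 by contract; & 0x3f only keeps the shift defined if a caller breaks that */`. The enclosing function's header and the rest of its body are outside the hunk.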


@ -1084,7 +1084,7 @@ static void disas_uncond_b_imm(DisasContext *s, uint32_t insn)
TCGContext *tcg_ctx = s->uc->tcg_ctx; TCGContext *tcg_ctx = s->uc->tcg_ctx;
uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4; uint64_t addr = s->pc + sextract32(insn, 0, 26) * 4 - 4;
if (insn & (1 << 31)) { if (insn & (1U << 31)) {
/* C5.6.26 BL Branch with link */ /* C5.6.26 BL Branch with link */
tcg_gen_movi_i64(tcg_ctx, cpu_reg(s, 30), s->pc); tcg_gen_movi_i64(tcg_ctx, cpu_reg(s, 30), s->pc);
} }
@ -1283,7 +1283,7 @@ static void gen_get_nzcv(TCGContext *tcg_ctx, TCGv_i64 tcg_rt)
TCGv_i32 nzcv = tcg_temp_new_i32(tcg_ctx); TCGv_i32 nzcv = tcg_temp_new_i32(tcg_ctx);
/* build bit 31, N */ /* build bit 31, N */
tcg_gen_andi_i32(tcg_ctx, nzcv, tcg_ctx->cpu_NF, (1 << 31)); tcg_gen_andi_i32(tcg_ctx, nzcv, tcg_ctx->cpu_NF, (1U << 31));
/* build bit 30, Z */ /* build bit 30, Z */
tcg_gen_setcondi_i32(tcg_ctx, TCG_COND_EQ, tmp, tcg_ctx->cpu_ZF, 0); tcg_gen_setcondi_i32(tcg_ctx, TCG_COND_EQ, tmp, tcg_ctx->cpu_ZF, 0);
tcg_gen_deposit_i32(tcg_ctx, nzcv, nzcv, tmp, 30, 1); tcg_gen_deposit_i32(tcg_ctx, nzcv, nzcv, tmp, 30, 1);
@ -1308,7 +1308,7 @@ static void gen_set_nzcv(TCGContext *tcg_ctx, TCGv_i64 tcg_rt)
tcg_gen_trunc_i64_i32(tcg_ctx, nzcv, tcg_rt); tcg_gen_trunc_i64_i32(tcg_ctx, nzcv, tcg_rt);
/* bit 31, N */ /* bit 31, N */
tcg_gen_andi_i32(tcg_ctx, tcg_ctx->cpu_NF, nzcv, (1 << 31)); tcg_gen_andi_i32(tcg_ctx, tcg_ctx->cpu_NF, nzcv, (1U << 31));
/* bit 30, Z */ /* bit 30, Z */
tcg_gen_andi_i32(tcg_ctx, tcg_ctx->cpu_ZF, nzcv, (1 << 30)); tcg_gen_andi_i32(tcg_ctx, tcg_ctx->cpu_ZF, nzcv, (1 << 30));
tcg_gen_setcondi_i32(tcg_ctx, TCG_COND_EQ, tcg_ctx->cpu_ZF, tcg_ctx->cpu_ZF, 0); tcg_gen_setcondi_i32(tcg_ctx, TCG_COND_EQ, tcg_ctx->cpu_ZF, tcg_ctx->cpu_ZF, 0);
@ -1929,7 +1929,7 @@ static void disas_ldst_pair(DisasContext *s, uint32_t insn)
int rt = extract32(insn, 0, 5); int rt = extract32(insn, 0, 5);
int rn = extract32(insn, 5, 5); int rn = extract32(insn, 5, 5);
int rt2 = extract32(insn, 10, 5); int rt2 = extract32(insn, 10, 5);
int64_t offset = sextract32(insn, 15, 7); uint64_t offset = sextract64(insn, 15, 7);
int index = extract32(insn, 23, 2); int index = extract32(insn, 23, 2);
bool is_vector = extract32(insn, 26, 1); bool is_vector = extract32(insn, 26, 1);
bool is_load = extract32(insn, 22, 1); bool is_load = extract32(insn, 22, 1);
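Review bot: Changing `offset` to uint64_t on the `sextract64(insn, 15, 7)` line of disas_ldst_pair keeps a later left shift defined for negative offsets, but it also changes the meaning of any signed comparison or signed arithmetic on `offset` in the rest of the function, which lies outside the hunk, so every remaining use should be confirmed to be a shift or an addition that converts back to int64_t. A one-line comment would keep that intent visible to the next editor: `/* unsigned only so that shifting a negative imm7 is defined; the value is still the sign-extended offset */`. The `1U << 31` corrections in the other three hunks of this file are right as written, since `1 << 31` overflows int.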


@ -7853,7 +7853,7 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) // qq
tcg_gen_movi_i32(tcg_ctx, tmp, val); tcg_gen_movi_i32(tcg_ctx, tmp, val);
store_reg(s, 14, tmp); store_reg(s, 14, tmp);
/* Sign-extend the 24-bit offset */ /* Sign-extend the 24-bit offset */
offset = (((int32_t)insn) << 8) >> 8; offset = ((int32_t)(insn << 8)) >> 8;
/* offset * 4 + bit24 * 2 + (thumb bit) */ /* offset * 4 + bit24 * 2 + (thumb bit) */
val += (offset << 2) | ((insn >> 23) & 2) | 1; val += (offset << 2) | ((insn >> 23) & 2) | 1;
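Review bot: The rewritten sign-extension line in disas_arm_insn, `((int32_t)(insn << 8)) >> 8`, still rests on two implementation-defined steps, the out-of-range conversion to int32_t and the arithmetic right shift of a negative value, so it silences the sanitizer without making the code portable. This tree already extracts signed immediates with a helper (the A64 decoder uses `sextract32(insn, 0, 26)` for its branch offset), so the line can be `offset = sextract32(insn, 0, 24);` with no cast, provided qemu/bitops.h is visible in this unit. disas_arm_insn begins and ends outside the hunk.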
/* pipeline offset */ /* pipeline offset */


@ -2743,7 +2743,7 @@ static void gen_pusha(DisasContext *s)
TCGv **cpu_T = (TCGv **)tcg_ctx->cpu_T; TCGv **cpu_T = (TCGv **)tcg_ctx->cpu_T;
gen_op_movl_A0_reg(tcg_ctx, R_ESP); gen_op_movl_A0_reg(tcg_ctx, R_ESP);
gen_op_addl_A0_im(tcg_ctx, -8 << s->dflag); gen_op_addl_A0_im(tcg_ctx, ((unsigned int)(-8)) << s->dflag);
if (!s->ss32) if (!s->ss32)
tcg_gen_ext16u_tl(tcg_ctx, cpu_A0, cpu_A0); tcg_gen_ext16u_tl(tcg_ctx, cpu_A0, cpu_A0);
tcg_gen_mov_tl(tcg_ctx, *cpu_T[1], cpu_A0); tcg_gen_mov_tl(tcg_ctx, *cpu_T[1], cpu_A0);
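Review bot: The `((unsigned int)(-8)) << s->dflag` expression in gen_pusha is a detour through unsigned that the reader has to decode; the same value with no cast and no left shift of a negative operand is `gen_op_addl_A0_im(tcg_ctx, -(8 << s->dflag));`, which is defined for any dflag the decoder can produce and reads as the stack adjustment it is. If gen_op_addl_A0_im takes a signed int, as its name suggests, both forms hand it the same negative value; if it takes an unsigned type the conversion is the same too. The remaining lines of gen_pusha are outside the hunk.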


@ -75,7 +75,7 @@ int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
for (i = 0; i < env->tlb->tlb_in_use; i++) { for (i = 0; i < env->tlb->tlb_in_use; i++) {
r4k_tlb_t *tlb = &env->tlb->mmu.r4k.tlb[i]; r4k_tlb_t *tlb = &env->tlb->mmu.r4k.tlb[i];
/* 1k pages are not supported. */ /* 1k pages are not supported. */
target_ulong mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1); target_ulong mask = tlb->PageMask | ~(((unsigned int)TARGET_PAGE_MASK) << 1);
target_ulong tag = address & ~mask; target_ulong tag = address & ~mask;
target_ulong VPN = tlb->VPN & ~mask; target_ulong VPN = tlb->VPN & ~mask;
#if defined(TARGET_MIPS64) #if defined(TARGET_MIPS64)
@ -286,7 +286,7 @@ static void raise_mmu_exception(CPUMIPSState *env, target_ulong address,
env->CP0_Context = (env->CP0_Context & ~0x007fffff) | env->CP0_Context = (env->CP0_Context & ~0x007fffff) |
((address >> 9) & 0x007ffff0); ((address >> 9) & 0x007ffff0);
env->CP0_EntryHi = env->CP0_EntryHi =
(env->CP0_EntryHi & 0xFF) | (address & (TARGET_PAGE_MASK << 1)); (env->CP0_EntryHi & 0xFF) | (address & (((unsigned int)TARGET_PAGE_MASK) << 1));
#if defined(TARGET_MIPS64) #if defined(TARGET_MIPS64)
env->CP0_EntryHi &= env->SEGMask; env->CP0_EntryHi &= env->SEGMask;
env->CP0_XContext = (env->CP0_XContext & ((~0ULL) << (env->SEGBITS - 7))) | env->CP0_XContext = (env->CP0_XContext & ((~0ULL) << (env->SEGBITS - 7))) |
@ -788,7 +788,7 @@ void r4k_invalidate_tlb (CPUMIPSState *env, int idx, int use_extra)
} }
/* 1k pages are not supported. */ /* 1k pages are not supported. */
mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1); mask = tlb->PageMask | ~(((unsigned int)TARGET_PAGE_MASK) << 1);
if (tlb->V0) { if (tlb->V0) {
cs = CPU(cpu); cs = CPU(cpu);
addr = tlb->VPN & ~mask; addr = tlb->VPN & ~mask;
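Review bot: The cast in raise_mmu_exception, `address & (((unsigned int)TARGET_PAGE_MASK) << 1)`, changes the result on a 64-bit target: an unsigned int mask zero-extends to target_ulong, so bits 32-63 of `address` are cleared before they reach CP0_EntryHi, whereas the old sign-extended int mask kept them, and the `#if defined(TARGET_MIPS64)` on the very next line shows this file is built for such targets. Widening before the shift keeps both the defined-behaviour fix and the old value: `(env->CP0_EntryHi & 0xFF) | (address & (((target_ulong)TARGET_PAGE_MASK) << 1));`, because converting a negative int to target_ulong sign-extends and the shift is then unsigned. The same cast in r4k_map_address and r4k_invalidate_tlb is harmless, since there only the complement, i.e. the low bits, is OR-ed into `mask`. This assumes TARGET_PAGE_MASK expands to a signed int constant, which is what the added casts are evidently working around.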


@ -2547,11 +2547,11 @@ static void gen_logic_imm(DisasContext *ctx, uint32_t opc,
case OPC_LUI: case OPC_LUI:
if (rs != 0 && (ctx->insn_flags & ISA_MIPS32R6)) { if (rs != 0 && (ctx->insn_flags & ISA_MIPS32R6)) {
/* OPC_AUI */ /* OPC_AUI */
tcg_gen_addi_tl(tcg_ctx, *cpu_gpr[rt], *cpu_gpr[rs], imm << 16); tcg_gen_addi_tl(tcg_ctx, *cpu_gpr[rt], *cpu_gpr[rs], uimm << 16);
tcg_gen_ext32s_tl(tcg_ctx, *cpu_gpr[rt], *cpu_gpr[rt]); tcg_gen_ext32s_tl(tcg_ctx, *cpu_gpr[rt], *cpu_gpr[rt]);
MIPS_DEBUG("aui %s, %s, %04x", regnames[rt], regnames[rs], imm); MIPS_DEBUG("aui %s, %s, %04x", regnames[rt], regnames[rs], imm);
} else { } else {
tcg_gen_movi_tl(tcg_ctx, *cpu_gpr[rt], imm << 16); tcg_gen_movi_tl(tcg_ctx, *cpu_gpr[rt], uimm << 16);
MIPS_DEBUG("lui %s, " TARGET_FMT_lx, regnames[rt], uimm); MIPS_DEBUG("lui %s, " TARGET_FMT_lx, regnames[rt], uimm);
} }
break; break;
@ -4735,7 +4735,7 @@ static void gen_bitops (DisasContext *ctx, uint32_t opc, int rt,
goto fail; goto fail;
tcg_gen_shri_tl(tcg_ctx, t0, t1, lsb); tcg_gen_shri_tl(tcg_ctx, t0, t1, lsb);
if (msb != 31) { if (msb != 31) {
tcg_gen_andi_tl(tcg_ctx, t0, t0, (1 << (msb + 1)) - 1); tcg_gen_andi_tl(tcg_ctx, t0, t0, (1U << (msb + 1)) - 1);
} else { } else {
tcg_gen_ext32s_tl(tcg_ctx, t0, t0); tcg_gen_ext32s_tl(tcg_ctx, t0, t0);
} }
@ -18871,7 +18871,7 @@ static void decode_opc (CPUMIPSState *env, DisasContext *ctx, bool *insn_need_pa
check_cop1x(ctx); check_cop1x(ctx);
check_insn(ctx, ASE_MIPS3D); check_insn(ctx, ASE_MIPS3D);
gen_compute_branch1(ctx, MASK_BC1(ctx->opcode), gen_compute_branch1(ctx, MASK_BC1(ctx->opcode),
(rt >> 2) & 0x7, imm << 2); (rt >> 2) & 0x7, ((uint16_t)imm) << 2);
} }
break; break;
case OPC_BC1NEZ: case OPC_BC1NEZ:
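Review bot: Two of these hunks lose the sign of a 16-bit immediate rather than merely making the shift defined. In decode_opc, `((uint16_t)imm) << 2` is a non-negative int for every imm, so a backward BC1 branch (imm < 0) now becomes a forward offset of up to 0x3FFFC; `imm * 4` yields the same sign-extended value for every int16_t with no undefined behaviour and compiles to the same shift. In gen_logic_imm's OPC_LUI path, `uimm << 16` on a 64-bit target produces the zero-extended 0x00000000FFFF0000 for negative immediates where the old `imm << 16` was sign-extended to 0xFFFFFFFFFFFF0000, and unlike the AUI path there is no tcg_gen_ext32s_tl after the movi; `imm * 0x10000`, defined for all int16_t values including the one that yields INT_MIN, restores that, assuming uimm is the zero-extended immediate as the TARGET_FMT_lx debug line suggests. The `1U << (msb + 1)` change in gen_bitops is fine as written. All three enclosing functions start and end outside their hunks.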


@ -91,7 +91,7 @@ typedef struct {
static int sign_extend(int x, int len) static int sign_extend(int x, int len)
{ {
len = 32 - len; len = 32 - len;
return (x << len) >> len; return ((int)(((unsigned int)x) << len)) >> len;
} }
#define IS_IMM (insn & (1<<13)) #define IS_IMM (insn & (1<<13))
@ -2728,7 +2728,7 @@ static void disas_sparc_insn(DisasContext * dc, unsigned int insn, bool hook_ins
break; break;
case 1: /*CALL*/ case 1: /*CALL*/
{ {
target_long target = GET_FIELDs(insn, 2, 31) << 2; target_long target = (int)(((unsigned int)(GET_FIELDs(insn, 2, 31))) << 2);
TCGv o7 = gen_dest_gpr(dc, 15); TCGv o7 = gen_dest_gpr(dc, 15);
tcg_gen_movi_tl(tcg_ctx, o7, dc->pc); tcg_gen_movi_tl(tcg_ctx, o7, dc->pc);
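Review bot: sign_extend still relies on implementation-defined behaviour after this change: converting an out-of-range unsigned int to int and right-shifting a negative int are both implementation-defined in C11, so the new return line fixes the reported left shift of a negative value but not portability, and `len = 32 - len` with len == 32 would still shift by 32. Either state that on the function, `/* assumes two's complement and arithmetic right shift (gcc/clang); len must be 1..31 */`, or make the body `return sextract32(x, 0, len);` if qemu/bitops.h is reachable from this unit, which also handles len == 32. The same cast pattern recurs on the CALL `target` line in disas_sparc_insn, whose hunk is cut at both ends.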


@ -1453,7 +1453,7 @@ void tb_invalidate_phys_page_fast(struct uc_struct* uc, tb_page_addr_t start, in
unsigned long b; unsigned long b;
nr = start & ~TARGET_PAGE_MASK; nr = start & ~TARGET_PAGE_MASK;
b = p->code_bitmap[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG - 1)); b = p->code_bitmap[BIT_WORD(nr)] >> ((nr & (BITS_PER_LONG - 1)) & 0x1f);
if (b & ((1 << len) - 1)) { if (b & ((1 << len) - 1)) {
goto do_invalidate; goto do_invalidate;
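Review bot: The added `& 0x1f` on the code_bitmap shift in tb_invalidate_phys_page_fast looks like a regression on 64-bit hosts: `nr & (BITS_PER_LONG - 1)` is already a valid shift amount for an unsigned long of BITS_PER_LONG bits, and masking it further makes bit positions 32-63 alias 0-31, so `b` holds the wrong bits and the `goto do_invalidate` decision on the next line can be wrong for writes into the upper half of each bitmap word. If the sanitizer report came from a build where `unsigned long` is narrower than BITS_PER_LONG, the inconsistency is between those two definitions and should be fixed there, not by truncating the shift; otherwise the original expression should be restored. The enclosing function starts and ends outside the hunk, so the bitmap word type can only be inferred from the `unsigned long b;` declaration shown.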
} }