mirrors/unicorn
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix some oss-fuzz (#1184)

Browse Source 
* fix oss-fuzz 10419.

* fix oss-fuzz 10427.

* fix oss-fuzz 10421.

* fix oss-fuzz 10422.

* fix oss-fuzz 10425.

* fix oss-fuzz 10426.

* fix oss-fuzz 10426.

* fix oss-fuzz 10422.

* fix oss-fuzz  10426.

* fix oss-fuzz 10456.

* fix oss-fuzz 10428.

* fix oss-fuzz 10429.

* fix oss-fuzz 10431.

* fix oss-fuzz 10435.

* fix oss-fuzz 10430.

* fix oss-fuzz 10436.

* remove unused var.

* fix oss-fuzz 10449.

* fix oss-fuzz 10452.

* fix oss-fuzz 11792.

* fix oss-fuzz 10457.

* fix oss-fuzz 11737.

* fix oss-fuzz 10458.

* fix oss-fuzz 10565.

* fix oss-fuzz 11651.

* fix oss-fuzz 10497.

* fix oss-fuzz 10515.

* fix oss-fuzz 10586.

* fix oss-fuzz 10597.

* fiz oss-fuzz 11721.

* fix oss-fuzz 10718.

* fix oss-fuzz 15610.

* fix oss-fuzz 10512.

* fix oss-fuzz 10545.

* fix oss-fuzz 10598.

* fix oss-fuzz 11112.

* fix oss-fuzz 11589.

* fix oss-fuzz 10674.

* git fix oss-fuzz 19610.

* fix oss-fuzz 19848.

* fix oss-fuzz 19851.

* fix oss-fuzz 19852.

* fix oss-fuzz 10878.

* fix oss-fuzz 11655.

* fix oss-fuzz 19849.

* fix oss-fuzz 11765.

* fix oss-fuzz 10337.

* fix oss-fuzz 10575.

* fix oss-fuzz 19877.

* fix oss-fuzz 19895.

* fix oss-fuzz 19896.

* fix oss-fuzz 19897.

* remove verbose fprintf output.
This commit is contained in:
Chen Huitao 2020-01-10 23:05:44 +08:00 committed by Nguyen Anh Quynh
parent 8621bca537
commit 7e4ac9e86e
12 changed files with 38 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
qemu/fpu/softfloat.c
View File

@ -130,7 +130,7 @@ static int32 roundAndPackInt32( flag zSign, uint64_t absZ STATUS_PARAM)
absZ = ( absZ + roundIncrement )>>7;
absZ &= ~ ( ( ( roundBits ^ 0x40 ) == 0 ) & roundNearestEven );
z = (int32_t)absZ;
if ( zSign ) z = - z;
if ( zSign && (z != 0x80000000)) z = - z;
if ( ( absZ>>32 ) || ( z && ( ( z < 0 ) ^ zSign ) ) ) {
float_raise( float_flag_invalid STATUS_VAR);
return zSign ? (int32_t) 0x80000000 : 0x7FFFFFFF;
@ -1220,7 +1220,7 @@ float64 int32_to_float64(int32_t a STATUS_PARAM)
if ( a == 0 ) return float64_zero;
zSign = ( a < 0 );
absA = zSign ? - a : a;
absA = (zSign & (a != 0x80000000)) ? - a : a;
shiftCount = countLeadingZeros32( absA ) + 21;
zSig = absA;
return packFloat64( zSign, 0x432 - shiftCount, zSig<<shiftCount );

2
qemu/target-arm/internals.h
View File

@ -317,7 +317,7 @@ static inline uint32_t syn_fp_access_trap(int cv, int cond, bool is_thumb)
static inline uint32_t syn_insn_abort(int same_el, int ea, int s1ptw, int fsc)
{
return (EC_INSNABORT << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)
return (((unsigned int)EC_INSNABORT) << ARM_EL_EC_SHIFT) | (same_el << ARM_EL_EC_SHIFT)
| (ea << 9) | (s1ptw << 7) | fsc;
}

2
qemu/target-arm/neon_helper.c
View File

@ -1767,7 +1767,7 @@ uint64_t HELPER(neon_abdl_s64)(uint32_t a, uint32_t b)
#define DO_MULL(dest, x, y, type1, type2) do { \
type1 tmp_x = x; \
type1 tmp_y = y; \
dest = (type2)((type2)tmp_x * (type2)tmp_y); \
dest = (type2)((int64_t)tmp_x * (int64_t)tmp_y); \
} while(0)
uint64_t HELPER(neon_mull_u8)(uint32_t a, uint32_t b)

6
qemu/target-arm/translate-a64.c
View File

@ -1859,7 +1859,7 @@ static void disas_ld_lit(DisasContext *s, uint32_t insn)
{
TCGContext *tcg_ctx = s->uc->tcg_ctx;
int rt = extract32(insn, 0, 5);
int64_t imm = sextract32(insn, 5, 19) << 2;
int64_t imm = (int32_t)(((uint32_t)sextract32(insn, 5, 19)) << 2);
bool is_vector = extract32(insn, 26, 1);
int opc = extract32(insn, 30, 2);
bool is_signed = false;
@ -2684,14 +2684,14 @@ static void disas_pc_rel_adr(DisasContext *s, uint32_t insn)
page = extract32(insn, 31, 1);
/* SignExtend(immhi:immlo) -> offset */
offset = ((int64_t)sextract32(insn, 5, 19) << 2) | extract32(insn, 29, 2);
offset = (int64_t)((uint64_t)sextract32(insn, 5, 19) << 2) | extract32(insn, 29, 2);
rd = extract32(insn, 0, 5);
base = s->pc - 4;
if (page) {
/* ADRP (page based) */
base &= ~0xfff;
offset <<= 12;
offset = ((uint64_t)offset) << 12;
}
tcg_gen_movi_i64(tcg_ctx, cpu_reg(s, rd), base + offset);

12
qemu/target-arm/translate.c
View File

@ -132,7 +132,7 @@ static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
addr = (long)s->pc + 4;
tcg_gen_movi_i32(tcg_ctx, var, addr);
} else {
tcg_gen_mov_i32(tcg_ctx, var, tcg_ctx->cpu_R[reg]);
tcg_gen_mov_i32(tcg_ctx, var, tcg_ctx->cpu_R[(reg & 0x0f)]);
}
}
@ -806,8 +806,10 @@ void arm_gen_test_cc(TCGContext *tcg_ctx, int cc, int label)
tcg_temp_free_i32(tcg_ctx, tmp);
break;
default:
fprintf(stderr, "Bad condition code 0x%x\n", cc);
abort();
/* fprintf(stderr, "Bad condition code 0x%x\n", cc); */
tmp = tcg_const_i32(tcg_ctx, EXCP_EXCEPTION_EXIT);
gen_helper_exception_internal(tcg_ctx, tcg_ctx->cpu_env, tmp);
tcg_temp_free_i32(tcg_ctx, tmp);
}
}
@ -11124,7 +11126,7 @@ static void disas_thumb_insn(CPUARMState *env, DisasContext *s) // qq
/* jump to the offset */
val = (uint32_t)s->pc + 2;
offset = ((int32_t)insn << 24) >> 24;
offset = ((int32_t)((uint32_t)insn << 24)) >> 24;
val += offset << 1;
gen_jmp(s, val);
break;
@ -11137,7 +11139,7 @@ static void disas_thumb_insn(CPUARMState *env, DisasContext *s) // qq
}
/* unconditional branch */
val = (uint32_t)s->pc;
offset = ((int32_t)insn << 21) >> 21;
offset = ((int32_t)((uint32_t)insn << 21)) >> 21;
val += (offset << 1) + 2;
gen_jmp(s, val);
break;

6
qemu/target-i386/fpu_helper.c
View File

@ -654,7 +654,9 @@ void helper_fbst_ST0(CPUX86State *env, target_ulong ptr)
mem_end = mem_ref + 9;
if (val < 0) {
cpu_stb_data(env, mem_end, 0x80);
val = -val;
if (val != 0x8000000000000000LL) {
val = -val;
}
} else {
cpu_stb_data(env, mem_end, 0x00);
}
@ -664,7 +666,7 @@ void helper_fbst_ST0(CPUX86State *env, target_ulong ptr)
}
v = val % 100;
val = val / 100;
v = ((v / 10) << 4) | (v % 10);
v = (int)((unsigned int)(v / 10) << 4) | (v % 10);
cpu_stb_data(env, mem_ref++, v);
}
while (mem_ref < mem_end) {

2
qemu/target-i386/int_helper.c
View File

@ -352,7 +352,7 @@ static int idiv64(uint64_t *plow, uint64_t *phigh, int64_t b)
neg128(plow, phigh);
}
sb = (b < 0);
if (sb) {
if (sb && (b != 0x8000000000000000LL)) {
b = -b;
}
if (div64(plow, phigh, b) != 0) {

6
qemu/target-i386/ops_sse.h
View File

@ -852,7 +852,7 @@ static inline uint64_t helper_extrq(uint64_t src, int shift, int len)
if (len == 0) {
mask = ~0LL;
} else {
mask = (1ULL << len) - 1;
mask = (1ULL << (len & 0x3f)) - 1;
}
return (src >> shift) & mask;
}
@ -1469,8 +1469,8 @@ void glue(helper_phsubw, SUFFIX)(CPUX86State *env, Reg *d, Reg *s)
void glue(helper_phsubd, SUFFIX)(CPUX86State *env, Reg *d, Reg *s)
{
d->L(0) = (int32_t)d->L(0) - (int32_t)d->L(1);
XMM_ONLY(d->L(1) = (int32_t)d->L(2) - (int32_t)d->L(3));
d->L(0) = (int32_t)((int64_t)d->L(0) - (int64_t)d->L(1));
XMM_ONLY(d->L(1) = (int32_t)((int64_t)d->L(2) - (int64_t)d->L(3)));
d->L((1 << SHIFT) + 0) = (uint32_t)((int32_t)s->L(0) - (int32_t)s->L(1));
XMM_ONLY(d->L(3) = (int32_t)s->L(2) - (int32_t)s->L(3));
}

2
qemu/target-i386/translate.c
View File

@ -1014,7 +1014,7 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
/* (CC_SRC >> (DATA_BITS - 1)) & 1 */
size = s->cc_op - CC_OP_SHLB;
shift = (8 << size) - 1;
return ccprepare_make(TCG_COND_NE, cpu_cc_src, 0, 0, (target_ulong)(1U << shift), false, false);
return ccprepare_make(TCG_COND_NE, cpu_cc_src, 0, 0, (target_ulong)(1ULL << shift), false, false);
case CC_OP_MULB: case CC_OP_MULW: case CC_OP_MULL: case CC_OP_MULQ:
return ccprepare_make(TCG_COND_NE, cpu_cc_src, 0, 0, -1, false, false);

10
qemu/target-m68k/helper.c
View File

@ -169,10 +169,10 @@ void HELPER(set_macsr)(CPUM68KState *env, uint32_t val)
}
if (env->macsr & MACSR_FI) {
regval = (((uint64_t)acc) << 8) | extlow;
regval |= ((int64_t)exthigh) << 40;
regval |= ((uint64_t)((int64_t)exthigh)) << 40;
} else if (env->macsr & MACSR_SU) {
regval = acc | (((int64_t)extlow) << 32);
regval |= ((int64_t)exthigh) << 40;
regval |= ((uint64_t)((int64_t)exthigh)) << 40;
} else {
regval = acc | (((uint64_t)extlow) << 32);
regval |= ((uint64_t)(uint8_t)exthigh) << 40;
@ -609,7 +609,7 @@ void HELPER(macsatf)(CPUM68KState *env, uint32_t acc)
int64_t result;
sum = env->macc[acc];
result = (sum << 16) >> 16;
result = ((int64_t)((uint64_t)sum << 16)) >> 16;
if (result != sum) {
env->macsr |= MACSR_V;
}
@ -762,11 +762,11 @@ void HELPER(set_mac_exts)(CPUM68KState *env, uint32_t val, uint32_t acc)
int32_t tmp;
res = (uint32_t)env->macc[acc];
tmp = (int16_t)val;
res |= ((int64_t)tmp) << 32;
res |= ((uint64_t)((int64_t)tmp)) << 32;
env->macc[acc] = res;
res = (uint32_t)env->macc[acc + 1];
tmp = val & 0xffff0000;
res |= (int64_t)tmp << 16;
res |= ((uint64_t)((int64_t)tmp)) << 16;
env->macc[acc + 1] = res;
}

16
qemu/target-mips/translate.c
View File

@ -1703,7 +1703,7 @@ static inline void gen_op_addr_add (DisasContext *ctx, TCGv ret, TCGv arg0, TCGv
static target_long addr_add(DisasContext *ctx, target_long base,
target_long offset)
{
target_long sum = base + offset;
target_long sum = (target_long)((target_ulong)base + offset);
#if defined(TARGET_MIPS64)
if (ctx->hflags & MIPS_HFLAG_AWRAP) {
@ -8505,7 +8505,7 @@ static void gen_movci (DisasContext *ctx, int rd, int rs, int cc, int tf)
l1 = gen_new_label(tcg_ctx);
t0 = tcg_temp_new_i32(tcg_ctx);
tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1 << get_fp_bit(cc));
tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
tcg_temp_free_i32(tcg_ctx, t0);
if (rs == 0) {
@ -11378,12 +11378,12 @@ static int decode_mips16_opc (CPUMIPSState *env, DisasContext *ctx, bool *insn_n
break;
case M16_OPC_BEQZ:
gen_compute_branch(ctx, OPC_BEQ, 2, rx, 0,
((int8_t)ctx->opcode) << 1, 0);
((uint8_t)ctx->opcode) << 1, 0);
/* No delay slot, so just process as a normal instruction */
break;
case M16_OPC_BNEQZ:
gen_compute_branch(ctx, OPC_BNE, 2, rx, 0,
((int8_t)ctx->opcode) << 1, 0);
((uint8_t)ctx->opcode) << 1, 0);
/* No delay slot, so just process as a normal instruction */
break;
case M16_OPC_SHIFT:
@ -11456,18 +11456,18 @@ static int decode_mips16_opc (CPUMIPSState *env, DisasContext *ctx, bool *insn_n
switch (funct) {
case I8_BTEQZ:
gen_compute_branch(ctx, OPC_BEQ, 2, 24, 0,
((int8_t)ctx->opcode) << 1, 0);
((uint8_t)ctx->opcode) << 1, 0);
break;
case I8_BTNEZ:
gen_compute_branch(ctx, OPC_BNE, 2, 24, 0,
((int8_t)ctx->opcode) << 1, 0);
((uint8_t)ctx->opcode) << 1, 0);
break;
case I8_SWRASP:
gen_st(ctx, OPC_SW, 31, 29, (ctx->opcode & 0xff) << 2);
break;
case I8_ADJSP:
gen_arith_imm(ctx, OPC_ADDIU, 29, 29,
((int8_t)ctx->opcode) << 3);
((uint8_t)ctx->opcode) << 3);
break;
case I8_SVRS:
{
@ -17488,7 +17488,7 @@ static void gen_msa_branch(CPUMIPSState *env, DisasContext *ctx, uint32_t op1)
break;
}
ctx->btarget = ctx->pc + (s16 << 2) + 4;
ctx->btarget = ctx->pc + (int64_t)((uint64_t)s16 << 2) + 4;
ctx->hflags |= MIPS_HFLAG_BC;
ctx->hflags |= MIPS_HFLAG_BDS32;

4
qemu/tcg/tcg.c
View File

@ -263,7 +263,7 @@ void *tcg_malloc_internal(TCGContext *s, int size)
if (size > TCG_POOL_CHUNK_SIZE) {
/* big malloc: insert a new pool (XXX: could optimize) */
p = g_malloc(sizeof(TCGPool) + size);
p = g_malloc0(sizeof(TCGPool) + size);
p->size = size;
p->next = s->pool_first_large;
s->pool_first_large = p;
@ -278,7 +278,7 @@ void *tcg_malloc_internal(TCGContext *s, int size)
if (!p->next) {
new_pool:
pool_size = TCG_POOL_CHUNK_SIZE;
p = g_malloc(sizeof(TCGPool) + pool_size);
p = g_malloc0(sizeof(TCGPool) + pool_size);
p->size = pool_size;
p->next = NULL;
if (s->pool_current)