fix some oss-fuzz bugs (#1182)
* fix oss-fuzz 10419. * fix oss-fuzz 10427. * fix oss-fuzz 10421. * fix oss-fuzz 10422. * fix oss-fuzz 10425. * fix oss-fuzz 10426. * fix oss-fuzz 10426. * fix oss-fuzz 10422. * fix oss-fuzz 10426. * fix oss-fuzz 10456. * fix oss-fuzz 10428. * fix oss-fuzz 10429. * fix oss-fuzz 10431. * fix oss-fuzz 10435. * fix oss-fuzz 10430. * fix oss-fuzz 10436. * remove unused var. * fix oss-fuzz 10449. * fix oss-fuzz 10452. * fix oss-fuzz 11792. * fix oss-fuzz 10457. * fix oss-fuzz 11737. * fix oss-fuzz 10458. * fix oss-fuzz 10565. * fix oss-fuzz 11651. * fix oss-fuzz 10497. * fix oss-fuzz 10515. * fix oss-fuzz 10586. * fix oss-fuzz 10597. * fix oss-fuzz 11721. * fix oss-fuzz 10718. * fix oss-fuzz 15610. * fix oss-fuzz 10512. * fix oss-fuzz 10545.
This commit is contained in:
parent
68eb357984
commit
8621bca537
@ -4606,7 +4606,7 @@ int32 floatx80_to_int32( floatx80 a STATUS_PARAM )
|
||||
|
||||
if (floatx80_invalid_encoding(a)) {
|
||||
float_raise(float_flag_invalid STATUS_VAR);
|
||||
return 1 << 31;
|
||||
return (int32)(1U << 31);
|
||||
}
|
||||
aSig = extractFloatx80Frac( a );
|
||||
aExp = extractFloatx80Exp( a );
|
||||
@ -4638,7 +4638,7 @@ int32 floatx80_to_int32_round_to_zero( floatx80 a STATUS_PARAM )
|
||||
|
||||
if (floatx80_invalid_encoding(a)) {
|
||||
float_raise(float_flag_invalid STATUS_VAR);
|
||||
return 1 << 31;
|
||||
return (int32)(1U << 31);
|
||||
}
|
||||
aSig = extractFloatx80Frac( a );
|
||||
aExp = extractFloatx80Exp( a );
|
||||
|
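Review bot: `return (int32)(1U << 31);` in both floatx80_to_int32 and floatx80_to_int32_round_to_zero is no longer undefined, but it still leans on the implementation-defined conversion of 0x80000000 to a signed type and hides the intent (the invalid-operation result, INT32_MIN) behind a shift. Spelling it as `INT32_MIN`, if that name is in scope here, or as the plain constant `(int32) 0x80000000` would say what is returned and avoid a second round of "1 << 31" edits if the width of `int32` ever differs from `unsigned int`. Both enclosing functions start outside the hunks.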
@ -419,7 +419,7 @@ static inline int float32_is_zero(float32 a)
|
||||
|
||||
static inline int float32_is_any_nan(float32 a)
|
||||
{
|
||||
return ((float32_val(a) & ~(1 << 31)) > 0x7f800000UL);
|
||||
return ((float32_val(a) & ~(1U << 31)) > 0x7f800000UL);
|
||||
}
|
||||
|
||||
static inline int float32_is_zero_or_denormal(float32 a)
|
||||
|
@ -406,11 +406,11 @@ static void cpacr_write(CPUARMState *env, const ARMCPRegInfo *ri,
|
||||
*/
|
||||
if (arm_feature(env, ARM_FEATURE_VFP)) {
|
||||
/* VFP coprocessor: cp10 & cp11 [23:20] */
|
||||
mask |= (1 << 31) | (1 << 30) | (0xf << 20);
|
||||
mask |= (1U << 31) | (1 << 30) | (0xf << 20);
|
||||
|
||||
if (!arm_feature(env, ARM_FEATURE_NEON)) {
|
||||
/* ASEDIS [31] bit is RAO/WI */
|
||||
value |= (1 << 31);
|
||||
value |= (1U << 31);
|
||||
}
|
||||
|
||||
/* VFPv3 and upwards with NEON implement 32 double precision
|
||||
@ -575,14 +575,14 @@ static void pmccfiltr_write(CPUARMState *env, const ARMCPRegInfo *ri,
|
||||
static void pmcntenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
|
||||
uint64_t value)
|
||||
{
|
||||
value &= (1 << 31);
|
||||
value &= (1U << 31);
|
||||
env->cp15.c9_pmcnten |= value;
|
||||
}
|
||||
|
||||
static void pmcntenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
|
||||
uint64_t value)
|
||||
{
|
||||
value &= (1 << 31);
|
||||
value &= (1U << 31);
|
||||
env->cp15.c9_pmcnten &= ~value;
|
||||
}
|
||||
|
||||
@ -608,14 +608,14 @@ static void pmintenset_write(CPUARMState *env, const ARMCPRegInfo *ri,
|
||||
uint64_t value)
|
||||
{
|
||||
/* We have no event counters so only the C bit can be changed */
|
||||
value &= (1 << 31);
|
||||
value &= (1U << 31);
|
||||
env->cp15.c9_pminten |= value;
|
||||
}
|
||||
|
||||
static void pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri,
|
||||
uint64_t value)
|
||||
{
|
||||
value &= (1 << 31);
|
||||
value &= (1U << 31);
|
||||
env->cp15.c9_pminten &= ~value;
|
||||
}
|
||||
|
||||
@ -2145,7 +2145,7 @@ void hw_watchpoint_update(ARMCPU *cpu, int n)
|
||||
* We choose to ignore any non-zero bits after the first range of 1s.
|
||||
*/
|
||||
basstart = ctz32(bas);
|
||||
len = cto32(bas >> basstart);
|
||||
len = cto32(bas >> (basstart & 0x1f));
|
||||
wvr += basstart;
|
||||
}
|
||||
|
||||
|
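Review bot: The `& 0x1f` in hw_watchpoint_update only hides the state that produced the overlong shift: `ctz32(bas)` is 32 exactly when bas is 0, and in that case the masked line gives `len = cto32(0) = 0` while the next line `wvr += basstart;` still adds 32, so a zero-length watchpoint at a shifted address is handed to whatever follows. Treating an empty byte-select as a disabled watchpoint is the complete fix, e.g. `if (bas == 0) { return; }` placed before `basstart = ctz32(bas);`, after which the `& 0x1f` is unnecessary. Whether an earlier `bas == 0` check already exists cannot be seen here, since the function starts and ends outside the hunk; if it does, the path that still reaches this line with bas == 0 would be one that narrows bas after that check, and that path is the one to guard. The other helper.c hunks (cpacr_write, pmcnten*/pminten*) are plain `1U << 31` fixes and look right.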
@ -118,7 +118,7 @@ uint32_t HELPER(double_saturate)(CPUARMState *env, int32_t val)
|
||||
res = SIGNBIT;
|
||||
env->QF = 1;
|
||||
} else {
|
||||
res = val << 1;
|
||||
res = (uint32_t)val << 1;
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
@ -2839,7 +2839,7 @@ static bool logic_imm_decode_wmask(uint64_t *result, unsigned int immn,
|
||||
* by r within the element (which is e bits wide)...
|
||||
*/
|
||||
mask = bitmask64(s + 1);
|
||||
mask = (mask >> r) | (mask << (e - r));
|
||||
mask = (mask >> r) | (mask << ((e - r) & 0x3f) );
|
||||
/* ...then replicate the element over the whole 64 bit value */
|
||||
mask = bitfield_replicate(mask, e);
|
||||
*result = mask;
|
||||
|
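Review bot: `(e - r) & 0x3f` in logic_imm_decode_wmask is correct but obscures when it matters: given r is reduced to the element size (r < e, as the decode above this hunk presumably does), the count `e - r` only reaches 64 when e == 64 and r == 0, i.e. a rotate by zero. Guarding the rotate instead states that directly and also drops the stray space before the closing parenthesis: `if (r) { mask = (mask >> r) | (mask << (e - r)); }`. The function starts outside the hunk, so the r < e assumption should be confirmed against its decode of immr.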
@ -9900,7 +9900,7 @@ static int disas_thumb2_insn(CPUARMState *env, DisasContext *s, uint16_t insn_hw
|
||||
if (insn & 0x5000) {
|
||||
/* Unconditional branch. */
|
||||
/* signextend(hw1[10:0]) -> offset[:12]. */
|
||||
offset = ((int32_t)insn << 5) >> 9 & ~(int32_t)0xfff;
|
||||
offset = ((int32_t)(insn << 5)) >> 9 & ~(int32_t)0xfff;
|
||||
/* hw1[10:0] -> offset[11:1]. */
|
||||
offset |= (insn & 0x7ff) << 1;
|
||||
/* (~hw2[13, 11] ^ offset[24]) -> offset[23,22]
|
||||
|
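Review bot: `((int32_t)(insn << 5)) >> 9` in disas_thumb2_insn swaps the undefined left shift for two implementation-defined steps — converting a value with bit 31 set to int32_t, and arithmetically right-shifting a negative — which GCC and Clang guarantee but the standard does not; that deserves a word in the comment above it, e.g. `/* cast then >> relies on arithmetic right shift (GCC/Clang) */`. The type of insn is not visible in the hunk; if it is a signed int rather than uint32_t, `insn << 5` with hw1 bit 10 set still overflows and remains undefined. The function starts and ends outside the hunk.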
@ -265,7 +265,7 @@
|
||||
#define PG_ADDRESS_MASK 0x000ffffffffff000LL
|
||||
#define PG_HI_RSVD_MASK (PG_ADDRESS_MASK & ~PHYS_ADDR_MASK)
|
||||
#define PG_HI_USER_MASK 0x7ff0000000000000LL
|
||||
#define PG_NX_MASK (1LL << PG_NX_BIT)
|
||||
#define PG_NX_MASK (1ULL << PG_NX_BIT)
|
||||
|
||||
#define PG_ERROR_W_BIT 1
|
||||
|
||||
|
@ -999,7 +999,7 @@ void helper_fstenv(CPUX86State *env, target_ulong ptr, int data32)
|
||||
/* zero */
|
||||
fptag |= 1;
|
||||
} else if (exp == 0 || exp == MAXEXPD
|
||||
|| (mant & (1LL << 63)) == 0) {
|
||||
|| (mant & (1ULL << 63)) == 0) {
|
||||
/* NaNs, infinity, denormal */
|
||||
fptag |= 2;
|
||||
}
|
||||
|
@ -874,7 +874,7 @@ static inline uint64_t helper_insertq(uint64_t src, int shift, int len)
|
||||
if (len == 0) {
|
||||
mask = ~0ULL;
|
||||
} else {
|
||||
mask = (1ULL << len) - 1;
|
||||
mask = (1ULL << (len & 0x3f)) - 1;
|
||||
}
|
||||
return (src & ~(mask << shift)) | ((src & mask) << shift);
|
||||
}
|
||||
|
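Review bot: helper_insertq masks `len` but leaves `shift` unmasked, so `mask << shift` on the return line is still undefined whenever shift is 64 or more; if both fields come from 8-bit XMM operands as the callers (outside the hunk) presumably pass them, the same fuzzer input class reaches shift. INSERTQ uses only the low six bits of both fields, so mask both once at entry and leave the later expressions as they were: `len &= 0x3f; shift &= 0x3f;` before the `if (len == 0)`. Even after that, `(src & mask) << shift` with len + shift > 64 silently drops the bits that run off the top, which is the hardware's undefined-result case and worth a one-line comment.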
@ -1014,7 +1014,7 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
|
||||
/* (CC_SRC >> (DATA_BITS - 1)) & 1 */
|
||||
size = s->cc_op - CC_OP_SHLB;
|
||||
shift = (8 << size) - 1;
|
||||
return ccprepare_make(TCG_COND_NE, cpu_cc_src, 0, 0, (target_ulong)(1 << shift), false, false);
|
||||
return ccprepare_make(TCG_COND_NE, cpu_cc_src, 0, 0, (target_ulong)(1U << shift), false, false);
|
||||
|
||||
case CC_OP_MULB: case CC_OP_MULW: case CC_OP_MULL: case CC_OP_MULQ:
|
||||
return ccprepare_make(TCG_COND_NE, cpu_cc_src, 0, 0, -1, false, false);
|
||||
|
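Review bot: `(target_ulong)(1U << shift)` in gen_prepare_eflags_c is still undefined for the CC_OP_SHLQ case, where size is 3 and `shift = (8 << 3) - 1 = 63`: the `U` suffix only makes the constant a 32-bit unsigned int, and the cast to target_ulong is applied after the shift has already overflowed. Shift in the destination width instead, `(target_ulong)1 << shift`; on a 64-bit guest target_ulong is 64 bits, and on a 32-bit-only build the Q case presumably cannot be reached, so the form is correct for both. The `case CC_OP_SHLB … CC_OP_SHLQ` labels sit just above the hunk; the existence of the Q variant is inferred from the MULQ label visible below.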
@ -510,7 +510,7 @@ uint64_t HELPER(macmuls)(CPUM68KState *env, uint32_t op1, uint32_t op2)
|
||||
int64_t res;
|
||||
|
||||
product = (uint64_t)op1 * op2;
|
||||
res = (product << 24) >> 24;
|
||||
res = ((int64_t)(((uint64_t)product) << 24)) >> 24;
|
||||
if (res != product) {
|
||||
env->macsr |= MACSR_V;
|
||||
if (env->macsr & MACSR_OMC) {
|
||||
@ -565,7 +565,7 @@ void HELPER(macsats)(CPUM68KState *env, uint32_t acc)
|
||||
int64_t tmp;
|
||||
int64_t result;
|
||||
tmp = env->macc[acc];
|
||||
result = ((tmp << 16) >> 16);
|
||||
result = ((int64_t)((uint64_t)tmp << 16) >> 16);
|
||||
if (result != tmp) {
|
||||
env->macsr |= MACSR_V;
|
||||
}
|
||||
@ -746,12 +746,12 @@ void HELPER(set_mac_extf)(CPUM68KState *env, uint32_t val, uint32_t acc)
|
||||
int32_t tmp;
|
||||
res = env->macc[acc] & 0xffffffff00ull;
|
||||
tmp = (int16_t)(val & 0xff00);
|
||||
res |= ((int64_t)tmp) << 32;
|
||||
res |= ((uint64_t)((int64_t)tmp)) << 32;
|
||||
res |= val & 0xff;
|
||||
env->macc[acc] = res;
|
||||
res = env->macc[acc + 1] & 0xffffffff00ull;
|
||||
tmp = (val & 0xff000000);
|
||||
res |= ((int64_t)tmp) << 16;
|
||||
res |= ((uint64_t)((int64_t)tmp)) << 16;
|
||||
res |= (val >> 16) & 0xff;
|
||||
env->macc[acc + 1] = res;
|
||||
}
|
||||
|
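Review bot: In set_mac_extf, `(uint64_t)((int64_t)tmp)` is the same value as `(uint64_t)tmp` — converting a negative int32_t straight to uint64_t is defined to reduce modulo 2^64, which is exactly a sign extension — so the inner cast only adds noise; `res |= (uint64_t)tmp << 32;` and `res |= (uint64_t)tmp << 16;` with one comment, `/* (uint64_t) of a negative int32_t sign-extends (modular conversion) */`, say the same thing. The sign bits that land in bits 63:48 of res on both lines are pre-existing behaviour, presumably the accumulator's sign-extended extension byte, and a comment stating that intent would help the next reader. The same applies to the `(uint64_t)product` cast in macmuls if product is already declared uint64_t, which the hunk does not show.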
@ -113,8 +113,8 @@ struct CPUMIPSFPUContext {
|
||||
#define FCR0_REV 0
|
||||
/* fcsr */
|
||||
uint32_t fcr31;
|
||||
#define SET_FP_COND(num,env) do { ((env).fcr31) |= ((num) ? (1 << ((num) + 24)) : (1 << 23)); } while(0)
|
||||
#define CLEAR_FP_COND(num,env) do { ((env).fcr31) &= ~((num) ? (1 << ((num) + 24)) : (1 << 23)); } while(0)
|
||||
#define SET_FP_COND(num,env) do { ((env).fcr31) |= ((num) ? ((int)(1U << ((num) + 24))) : (1 << 23)); } while(0)
|
||||
#define CLEAR_FP_COND(num,env) do { ((env).fcr31) &= ~((num) ? ((int)(1U << ((num) + 24))) : (1 << 23)); } while(0)
|
||||
#define GET_FP_COND(env) ((((env).fcr31 >> 24) & 0xfe) | (((env).fcr31 >> 23) & 0x1))
|
||||
#define GET_FP_CAUSE(reg) (((reg) >> 12) & 0x3f)
|
||||
#define GET_FP_ENABLE(reg) (((reg) >> 7) & 0x1f)
|
||||
|
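Review bot: The `(int)` casts added to SET_FP_COND and CLEAR_FP_COND reintroduce the implementation-defined conversion the `1U` was meant to remove: for num == 7 the shifted value is 0x80000000, which becomes INT_MIN as an int and is then converted back when it is OR'd into `fcr31`, declared `uint32_t` just above. Since the destination is unsigned, keep the whole expression unsigned: `((num) ? (1U << ((num) + 24)) : (1U << 23))` in SET_FP_COND and `~((num) ? (1U << ((num) + 24)) : (1U << 23))` in CLEAR_FP_COND. Both macros evaluate `num` twice, which was already the case and is fine for the constant arguments they are presumably given.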
@ -1301,7 +1301,7 @@ void helper_mtc0_pagemask(CPUMIPSState *env, target_ulong arg1)
|
||||
(mask == 0x0000 || mask == 0x0003 || mask == 0x000F ||
|
||||
mask == 0x003F || mask == 0x00FF || mask == 0x03FF ||
|
||||
mask == 0x0FFF || mask == 0x3FFF || mask == 0xFFFF)) {
|
||||
env->CP0_PageMask = arg1 & (0x1FFFFFFF & (TARGET_PAGE_MASK << 1));
|
||||
env->CP0_PageMask = arg1 & (0x1FFFFFFF & (((unsigned int)TARGET_PAGE_MASK) << 1));
|
||||
}
|
||||
}
|
||||
|
||||
@ -1375,7 +1375,7 @@ void helper_mtc0_count(CPUMIPSState *env, target_ulong arg1)
|
||||
void helper_mtc0_entryhi(CPUMIPSState *env, target_ulong arg1)
|
||||
{
|
||||
target_ulong old, val, mask;
|
||||
mask = (TARGET_PAGE_MASK << 1) | 0xFF;
|
||||
mask = (((unsigned int)TARGET_PAGE_MASK) << 1) | 0xFF;
|
||||
if (((env->CP0_Config4 >> CP0C4_IE) & 0x3) >= 2) {
|
||||
mask |= 1 << CP0EnHi_EHINV;
|
||||
}
|
||||
@ -1911,7 +1911,7 @@ static void r4k_fill_tlb(CPUMIPSState *env, int idx)
|
||||
return;
|
||||
}
|
||||
tlb->EHINV = 0;
|
||||
tlb->VPN = env->CP0_EntryHi & (TARGET_PAGE_MASK << 1);
|
||||
tlb->VPN = env->CP0_EntryHi & (((unsigned int)TARGET_PAGE_MASK) << 1);
|
||||
#if defined(TARGET_MIPS64)
|
||||
tlb->VPN &= env->SEGMask;
|
||||
#endif
|
||||
@ -1967,7 +1967,7 @@ void r4k_helper_tlbwi(CPUMIPSState *env)
|
||||
|
||||
idx = (env->CP0_Index & ~0x80000000) % env->tlb->nb_tlb;
|
||||
tlb = &env->tlb->mmu.r4k.tlb[idx];
|
||||
VPN = env->CP0_EntryHi & (TARGET_PAGE_MASK << 1);
|
||||
VPN = env->CP0_EntryHi & (((unsigned int)TARGET_PAGE_MASK) << 1);
|
||||
#if defined(TARGET_MIPS64)
|
||||
VPN &= env->SEGMask;
|
||||
#endif
|
||||
@ -2011,7 +2011,7 @@ void r4k_helper_tlbp(CPUMIPSState *env)
|
||||
for (i = 0; i < env->tlb->nb_tlb; i++) {
|
||||
tlb = &env->tlb->mmu.r4k.tlb[i];
|
||||
/* 1k pages are not supported. */
|
||||
mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
|
||||
mask = tlb->PageMask | ~(((unsigned int)TARGET_PAGE_MASK) << 1);
|
||||
tag = env->CP0_EntryHi & ~mask;
|
||||
VPN = tlb->VPN & ~mask;
|
||||
#if defined(TARGET_MIPS64)
|
||||
@ -2029,7 +2029,7 @@ void r4k_helper_tlbp(CPUMIPSState *env)
|
||||
for (i = env->tlb->nb_tlb; i < env->tlb->tlb_in_use; i++) {
|
||||
tlb = &env->tlb->mmu.r4k.tlb[i];
|
||||
/* 1k pages are not supported. */
|
||||
mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
|
||||
mask = tlb->PageMask | ~(((unsigned int)TARGET_PAGE_MASK) << 1);
|
||||
tag = env->CP0_EntryHi & ~mask;
|
||||
VPN = tlb->VPN & ~mask;
|
||||
#if defined(TARGET_MIPS64)
|
||||
|
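Review bot: Casting TARGET_PAGE_MASK to `unsigned int` before the shift changes the value on TARGET_MIPS64 builds: if TARGET_PAGE_MASK is the usual int-typed `~(TARGET_PAGE_SIZE - 1)`, the old `TARGET_PAGE_MASK << 1` was a negative int that sign-extended to 0xFFFFFFFFFFFFE000 when combined with a 64-bit target_ulong, whereas `((unsigned int)TARGET_PAGE_MASK) << 1` is 0xFFFFE000 and zero-extends, dropping bits 63:32. That turns the write mask in helper_mtc0_entryhi and the VPN stored by r4k_fill_tlb and r4k_helper_tlbwi into 32-bit values, while r4k_helper_tlbp still compares against the full CP0_EntryHi (its two lines apply `~` before widening and so stay correct), so 64-bit TLB entries would never match. Widen before shifting instead: `mask = ((target_ulong)TARGET_PAGE_MASK << 1) | 0xFF;`, `tlb->VPN = env->CP0_EntryHi & ((target_ulong)TARGET_PAGE_MASK << 1);` and `VPN = env->CP0_EntryHi & ((target_ulong)TARGET_PAGE_MASK << 1);` — converting the negative int to target_ulong is defined and sign-extends, and the shift is then performed on an unsigned. The helper_mtc0_pagemask line is unaffected because of its 0x1FFFFFFF mask, but the same spelling would keep the file consistent.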
@ -11157,7 +11157,7 @@ static int decode_extended_mips16_opc (CPUMIPSState *env, DisasContext *ctx)
|
||||
gen_addiupc(ctx, rx, imm, 0, 1);
|
||||
break;
|
||||
case M16_OPC_B:
|
||||
gen_compute_branch(ctx, OPC_BEQ, 4, 0, 0, offset << 1, 0);
|
||||
gen_compute_branch(ctx, OPC_BEQ, 4, 0, 0, (uint16_t)offset << 1, 0);
|
||||
/* No delay slot, so just process as a normal instruction */
|
||||
break;
|
||||
case M16_OPC_BEQZ:
|
||||
@ -15331,7 +15331,7 @@ static void gen_mipsdsp_bitinsn(DisasContext *ctx, uint32_t op1, uint32_t op2,
|
||||
imm = (ctx->opcode >> 16) & 0x03FF;
|
||||
imm = (int16_t)(imm << 6) >> 6;
|
||||
tcg_gen_movi_tl(tcg_ctx, *cpu_gpr[ret], \
|
||||
(target_long)((int32_t)imm << 16 | \
|
||||
(target_long)((int32_t)((uint32_t)imm << 16) | \
|
||||
(uint16_t)imm));
|
||||
}
|
||||
break;
|
||||
|
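Review bot: `(uint16_t)offset << 1` in the M16_OPC_B case discards the sign of the branch displacement: the original `offset << 1` could only have been undefined (the class this commit fixes) if offset was negative, and after the cast a negative offset is promoted to a value in 0..0xFFFF, so a backward branch is emitted as a forward one of up to 0x1FFFE bytes. Use the idiom the second hunk already uses for imm, `(int32_t)((uint32_t)offset << 1)`, or simply `offset * 2`, both well-defined and sign-preserving for a 16-bit displacement. The M16_OPC_BEQZ case that follows is cut off by the hunk; if it carries the same `offset << 1`, it still has the original undefined shift.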