diff --git a/README.md b/README.md
index 4577d074..1a19f302 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,7 @@ Unicorn Engine
 [![Join the chat at https://gitter.im/unicorn-engine/chat](https://badges.gitter.im/unicorn-engine/unicorn.svg)](https://gitter.im/unicorn-engine/chat?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 [![Build Status](https://travis-ci.org/unicorn-engine/unicorn.svg?branch=master)](https://travis-ci.org/unicorn-engine/unicorn)
 [![pypi downloads](https://pepy.tech/badge/unicorn)](https://pepy.tech/project/unicorn)
+[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/unicorn.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:unicorn)
 
 Unicorn is a lightweight, multi-platform, multi-architecture CPU emulator framework based on [QEMU](http://qemu.org).
 
diff --git a/qemu/fpu/softfloat.c b/qemu/fpu/softfloat.c
index d2651815..3bc69662 100644
--- a/qemu/fpu/softfloat.c
+++ b/qemu/fpu/softfloat.c
@@ -124,7 +124,9 @@ static int32 roundAndPackInt32( flag zSign, uint64_t absZ STATUS_PARAM)
 roundIncrement = zSign ? 0x7f : 0;
 break;
 default:
+ roundIncrement = 0;
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 roundBits = absZ & 0x7F;
 absZ = ( absZ + roundIncrement )>>7;
@@ -175,7 +177,9 @@ static int64 roundAndPackInt64( flag zSign, uint64_t absZ0, uint64_t absZ1 STATU
 increment = zSign && absZ1;
 break;
 default:
+ increment = 0;
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if ( increment ) {
 ++absZ0;
@@ -229,7 +233,9 @@ static int64 roundAndPackUint64(flag zSign, uint64_t absZ0,
 increment = zSign && absZ1;
 break;
 default:
+ increment = 0;
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if (increment) {
 ++absZ0;
@@ -568,6 +574,7 @@ static float64 roundAndPackFloat64(flag zSign, int_fast16_t zExp, uint64_t zSig
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 roundBits = zSig & 0x3FF;
 if ( 0x7FD <= (uint16_t) zExp ) {
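Review bot: The `roundIncrement = 0;` added to the default: arm of roundAndPackInt32 (and `increment = 0;` in the roundAndPackInt64 and roundAndPackUint64 hunks) changes an unreachable-by-design branch into a defined result, but nothing in the hunk says why, and the next reader will not know the assignment is what stops an out-of-range rounding mode from reading an uninitialized local. With the increment forced to 0 the following `absZ = ( absZ + roundIncrement )>>7;` simply drops the round bits, i.e. the invalid mode silently rounds toward zero after setting float_flag_invalid; that deserves a one-line comment at the first default:, e.g. `/* Unknown rounding mode: flag invalid and truncate rather than read an uninitialized increment. */`. The roundAndPackFloat64 hunk here and the floatx80/float128/round_to_int hunks that follow only add `break;` after float_raise(), which is a style-only change (no fallthrough was possible since default: is last) and needs no comment of its own. All of these functions begin and end outside their hunks; the switch presumably dispatches on STATUS(float_rounding_mode), which is not visible here, so confirm before wording the comment.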
@@ -752,6 +759,7 @@ static floatx80
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 roundBits = zSig0 & roundMask;
 if ( 0x7FFD <= (uint32_t) ( zExp - 1 ) ) {
@@ -814,6 +822,7 @@ static floatx80
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if ( 0x7FFD <= (uint32_t) ( zExp - 1 ) ) {
 if ( ( 0x7FFE < zExp )
@@ -859,6 +868,7 @@ static floatx80
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if ( increment ) {
 ++zSig0;
@@ -1074,6 +1084,7 @@ static float128
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if ( 0x7FFD <= (uint32_t) zExp ) {
 if ( ( 0x7FFD < zExp )
@@ -1137,6 +1148,7 @@ static float128
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 }
 }
@@ -1857,6 +1869,7 @@ float32 float32_round_to_int( float32 a STATUS_PARAM)
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z &= ~ roundBitsMask;
 if ( z != float32_val(a) ) STATUS(float_exception_flags) |= float_flag_inexact;
@@ -3589,6 +3602,7 @@ float64 float64_round_to_int( float64 a STATUS_PARAM )
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z &= ~ roundBitsMask;
 if ( z != float64_val(a) )
@@ -4937,6 +4951,7 @@ floatx80 floatx80_round_to_int( floatx80 a STATUS_PARAM )
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z.low &= ~ roundBitsMask;
 if ( z.low == 0 ) {
@@ -6058,6 +6073,7 @@ float128 float128_round_to_int( float128 a STATUS_PARAM )
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z.low &= ~ roundBitsMask;
 }
@@ -6122,6 +6138,7 @@ float128 float128_round_to_int( float128 a STATUS_PARAM )
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z.high &= ~ roundBitsMask;
 }
diff --git a/qemu/target-arm/translate-a64.c b/qemu/target-arm/translate-a64.c
index a6e0a8ec..52337b9f 100644
--- a/qemu/target-arm/translate-a64.c
+++ b/qemu/target-arm/translate-a64.c
@@ -883,6 +883,7 @@ static void write_vec_element(DisasContext *s, TCGv_i64 tcg_src, int destidx,
 {
 TCGContext *tcg_ctx = s->uc->tcg_ctx;
 int vect_off = vec_reg_offset(s, destidx, element, memop & MO_SIZE);
+ CPUState *cs;
 switch (memop) {
 case MO_8:
 tcg_gen_st8_i64(tcg_ctx, tcg_src, tcg_ctx->cpu_env, vect_off);
@@ -897,7 +898,10 @@ static void write_vec_element(DisasContext *s, TCGv_i64 tcg_src, int destidx,
 tcg_gen_st_i64(tcg_ctx, tcg_src, tcg_ctx->cpu_env, vect_off);
 break;
 default:
- g_assert_not_reached();
+ cs = CPU(s->uc->cpu);
+ cs->exception_index = EXCP_UDEF;
+ cpu_loop_exit(cs);
+ break;
 }
 }
 
diff --git a/qemu/target-arm/unicorn_arm.c b/qemu/target-arm/unicorn_arm.c
index 4264477d..0e1b1828 100644
--- a/qemu/target-arm/unicorn_arm.c
+++ b/qemu/target-arm/unicorn_arm.c
@@ -32,7 +32,6 @@ void arm_release(void* ctx)
 g_free(cpu->cpreg_values);
 g_free(cpu->cpreg_vmstate_indexes);
 g_free(cpu->cpreg_vmstate_values);
- cpu_watchpoint_remove_all(CPU(cpu), BP_CPU);
 release_common(ctx);
 }
 
diff --git a/qemu/unicorn_common.h b/qemu/unicorn_common.h
index 8dcbb3e5..0aa1e5c3 100644
--- a/qemu/unicorn_common.h
+++ b/qemu/unicorn_common.h
@@ -51,6 +51,7 @@ static void release_common(void *t)
 memory_free(s->uc);
 tb_cleanup(s->uc);
 free_code_gen_buffer(s->uc);
+ cpu_watchpoint_remove_all(CPU(s->uc->cpu), BP_CPU);
 
 #if TCG_TARGET_REG_BITS == 32
 for(i = 0; i < s->nb_globals; i++) {
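Review bot: The new default: arm of write_vec_element raises EXCP_UDEF with cpu_loop_exit(cs) from inside the translator: the surrounding tcg_gen_st*_i64 calls emit code rather than run it, so if this branch is ever taken it longjmps out in the middle of generating a translation block, and whatever tb_gen_code had set up for that block is left behind (I cannot see the caller here, so treat that as an inference to confirm). The established way for this file to reject an unsupported encoding is to emit the exception into the generated code so it fires at guest execution time, which in upstream translate-a64.c is `unallocated_encoding(s);` — if this tree still has that helper, `default: unallocated_encoding(s); break;` would replace the three added lines and the `CPUState *cs;` declaration added in the first hunk could go. Whichever form is kept, a comment should say which memop values are expected to land here (only a memop outside MO_8..MO_64, which the visible callers of this function do not show) so that the g_assert_not_reached() removal is not read as "any memop is fine". write_vec_element's signature is in the hunk header but the function's body begins before the first hunk.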
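Review bot: The `cpu_watchpoint_remove_all(CPU(s->uc->cpu), BP_CPU);` added to release_common in unicorn_common.h dereferences s->uc->cpu with no check, whereas the call it replaces in arm_release used the cpu pointer that function had already been working with; if release_common can run for an engine whose CPU object was never created (a failed or partial init), this is a NULL dereference during teardown. A guard such as `if (s->uc->cpu) { cpu_watchpoint_remove_all(CPU(s->uc->cpu), BP_CPU); }` keeps the cleanup best-effort. Because the call now lives in the shared path rather than unicorn_arm.c, every architecture's release routine presumably picks it up; a one-line comment noting that it is intentionally done once here for all targets would stop someone re-adding a per-target copy. release_common starts before the hunk, so where s is bound to s->uc is not visible here.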