fix some oss-fuzz (#1249)

* fix oss-fuzz 21012. * fix oss-fuzz 21741. * fix oss-fuzz 21743.
2020-05-05 11:11:59 +08:00 · 2020-05-05 11:11:59 +08:00 · f435efd4a7
commit f435efd4a7
parent f0b509c176
3 changed files with 5 additions and 2 deletions
--- a/qemu/target-arm/neon_helper.c
+++ b/qemu/target-arm/neon_helper.c
@ -855,7 +855,7 @@ uint64_t HELPER(neon_qshl_u64)(CPUARMState *env, uint64_t val, uint64_t shiftop)
    if (tmp >= (ssize_t)sizeof(src1) * 8) { \
        if (src1) { \
            SET_QC(); \
-            dest = (uint32_t)(1 << (sizeof(src1) * 8 - 1)); \
+            dest = (uint32_t)(1U << (sizeof(src1) * 8 - 1)); \
            if (src1 > 0) { \
                dest--; \
            } \
--- a/qemu/target-i386/ops_sse.h
+++ b/qemu/target-i386/ops_sse.h
@ -441,7 +441,7 @@ void glue(helper_pmaddwd, SUFFIX)(CPUX86State *env, Reg *d, Reg *s)
 #if SHIFT == 0
 static inline int abs1(int a)
 {
-    if (a < 0) {
+    if (a < 0 && a != 0x80000000) {
        return -a;
    } else {
        return a;
--- a/qemu/tcg/optimize.c
+++ b/qemu/tcg/optimize.c
@ -550,6 +550,9 @@ static TCGArg *tcg_constant_folding(TCGContext *s, uint16_t *tcg_opc_ptr,
    reset_all_temps(s, nb_temps);

    nb_ops = tcg_opc_ptr - s->gen_opc_buf;
+    if (nb_ops > OPC_BUF_SIZE) {
+        return NULL;
+    }
    gen_args = args;
    for (op_index = 0; op_index < nb_ops; op_index++) {
        TCGOpcode op = s->gen_opc_buf[op_index];