summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCatherine A. Frederick2020-06-07 23:10:59 +0200
committerRichard Henderson2020-07-06 19:58:19 +0200
commit94248cfc04dfa08e43aacd9d5bbfba7a47bff671 (patch)
tree2f0b8fff907edffe645e048db8838a1b3b1c346a
parentMerge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200703'... (diff)
downloadqemu-94248cfc04dfa08e43aacd9d5bbfba7a47bff671.tar.gz
qemu-94248cfc04dfa08e43aacd9d5bbfba7a47bff671.tar.xz
qemu-94248cfc04dfa08e43aacd9d5bbfba7a47bff671.zip
tcg/ppc: Sanitize immediate shifts
Sanitize shift constants so that shift operations with large constants don't generate invalid instructions. Signed-off-by: Catherine A. Frederick <chocola@animebitch.es> Message-Id: <20200607211100.22858-1-agrecascino123@gmail.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-rw-r--r--tcg/ppc/tcg-target.inc.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/tcg/ppc/tcg-target.inc.c b/tcg/ppc/tcg-target.inc.c
index 7da67086c6..c8d1e765d9 100644
--- a/tcg/ppc/tcg-target.inc.c
+++ b/tcg/ppc/tcg-target.inc.c
@@ -2610,21 +2610,24 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
case INDEX_op_shl_i32:
if (const_args[2]) {
- tcg_out_shli32(s, args[0], args[1], args[2]);
+ /* Limit immediate shift count lest we create an illegal insn. */
+ tcg_out_shli32(s, args[0], args[1], args[2] & 31);
} else {
tcg_out32(s, SLW | SAB(args[1], args[0], args[2]));
}
break;
case INDEX_op_shr_i32:
if (const_args[2]) {
- tcg_out_shri32(s, args[0], args[1], args[2]);
+ /* Limit immediate shift count lest we create an illegal insn. */
+ tcg_out_shri32(s, args[0], args[1], args[2] & 31);
} else {
tcg_out32(s, SRW | SAB(args[1], args[0], args[2]));
}
break;
case INDEX_op_sar_i32:
if (const_args[2]) {
- tcg_out32(s, SRAWI | RS(args[1]) | RA(args[0]) | SH(args[2]));
+ /* Limit immediate shift count lest we create an illegal insn. */
+ tcg_out32(s, SRAWI | RS(args[1]) | RA(args[0]) | SH(args[2] & 31));
} else {
tcg_out32(s, SRAW | SAB(args[1], args[0], args[2]));
}
@@ -2696,14 +2699,16 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
case INDEX_op_shl_i64:
if (const_args[2]) {
- tcg_out_shli64(s, args[0], args[1], args[2]);
+ /* Limit immediate shift count lest we create an illegal insn. */
+ tcg_out_shli64(s, args[0], args[1], args[2] & 63);
} else {
tcg_out32(s, SLD | SAB(args[1], args[0], args[2]));
}
break;
case INDEX_op_shr_i64:
if (const_args[2]) {
- tcg_out_shri64(s, args[0], args[1], args[2]);
+ /* Limit immediate shift count lest we create an illegal insn. */
+ tcg_out_shri64(s, args[0], args[1], args[2] & 63);
} else {
tcg_out32(s, SRD | SAB(args[1], args[0], args[2]));
}