diff options
| author | Richard Henderson | 2018-04-17 04:53:28 +0200 |
|---|---|---|
| committer | Peter Maydell | 2018-04-17 15:52:38 +0200 |
| commit | ce8d4082054519f2eaac39958edde502860a7fc6 (patch) | |
| tree | 67a7121204daef2a5b8fac2ce6145c72ac3739f1 /fpu | |
| parent | mux: fix ctrl-a b again (diff) | |
| download | qemu-ce8d4082054519f2eaac39958edde502860a7fc6.tar.gz qemu-ce8d4082054519f2eaac39958edde502860a7fc6.tar.xz qemu-ce8d4082054519f2eaac39958edde502860a7fc6.zip | |
fpu: Bound increment for scalbn
Without bounding the increment, we can overflow exp either here
in scalbn_decomposed or when adding the bias in round_canonical.
This can result in e.g. underflowing to 0 instead of overflowing
to infinity.
The old softfloat code did bound the increment.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'fpu')
| -rw-r--r-- | fpu/softfloat.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/fpu/softfloat.c b/fpu/softfloat.c index d90d79d777..70e0c40a1c 100644 --- a/fpu/softfloat.c +++ b/fpu/softfloat.c @@ -1878,6 +1878,12 @@ static FloatParts scalbn_decomposed(FloatParts a, int n, float_status *s) return return_nan(a, s); } if (a.cls == float_class_normal) { + /* The largest float type (even though not supported by FloatParts) + * is float128, which has a 15 bit exponent. Bounding N to 16 bits + * still allows rounding to infinity, without allowing overflow + * within the int32_t that backs FloatParts.exp. + */ + n = MIN(MAX(n, -0x10000), 0x10000); a.exp += n; } return a; |