diff options
| author | Peter Maydell | 2021-09-01 16:10:08 +0200 |
|---|---|---|
| committer | Peter Maydell | 2021-12-15 11:35:26 +0100 |
| commit | e0e875a68a1cc699658a40b8449267c7460de60f (patch) | |
| tree | 16ad4244076077ee3bd25675aff0ae0e5b4ef14c /linux-user/hexagon/cpu_loop.c | |
| parent | tests/tcg: Add arm and aarch64 pc alignment tests (diff) | |
| download | qemu-e0e875a68a1cc699658a40b8449267c7460de60f.tar.gz qemu-e0e875a68a1cc699658a40b8449267c7460de60f.tar.xz qemu-e0e875a68a1cc699658a40b8449267c7460de60f.zip | |
target/i386: Use assert() to sanity-check b1 in SSE decode
In the SSE decode function gen_sse(), we combine a byte
'b' and a value 'b1' which can be [0..3], and switch on them:
b |= (b1 << 8);
switch (b) {
...
default:
unknown_op:
gen_unknown_opcode(env, s);
return;
}
In three cases inside this switch, we were then also checking for
"if (b1 >= 2) { goto unknown_op; }".
However, this can never happen, because the 'case' values in each place
are 0x0nn or 0x1nn and the switch will have directed the b1 == (2, 3)
cases to the default already.
This check was added in commit c045af25a52e9 in 2010; the added code
was unnecessary then as well, and was apparently intended only to
ensure that we never accidentally ended up indexing off the end
of an sse_op_table with only 2 entries as a result of future bugs
in the decode logic.
Change the checks to assert() instead, and make sure they're always
immediately before the array access they are protecting.
Fixes: Coverity CID 1460207
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'linux-user/hexagon/cpu_loop.c')
0 files changed, 0 insertions, 0 deletions