author | Blue Swirl | 2011-11-13 12:11:52 +0100 |
---|---|---|
committer | Blue Swirl | 2011-11-19 14:51:27 +0100 |
commit | bc4268998d154b9b3cc86a7b6bd932cc974591c9 (patch) | |
tree | bb8859652b669d8ac2ae99caf3eca5f988d8f254 /target-i386 | |
parent | loader: Fix read_targphys() to behave when read() fails (diff) | |
x86: fix pcmpestrm and pcmpistrm
Fix obvious typos (decrement and off-by-one error) in pcmpestrm and pcmpistrm
which resulted in an infinite loop. Reported by Frank Mehnert,
spotted also by Coverity (bug 84752853).
Reported-by: Frank Mehnert <frank.mehnert@oracle.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
Diffstat (limited to 'target-i386')
-rw-r--r-- | target-i386/ops_sse.h | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/target-i386/ops_sse.h b/target-i386/ops_sse.h
index aa41d25968..47dde78f89 100644
--- a/target-i386/ops_sse.h
+++ b/target-i386/ops_sse.h
@@ -1996,11 +1996,13 @@ void glue(helper_pcmpestrm, SUFFIX) (Reg *d, Reg *s, uint32_t ctrl)
 if ((ctrl >> 6) & 1) {
 if (ctrl & 1)
- for (i = 0; i <= 8; i--, res >>= 1)
+ for (i = 0; i < 8; i++, res >>= 1) {
 d->W(i) = (res & 1) ? ~0 : 0;
+ }
 else
- for (i = 0; i <= 16; i--, res >>= 1)
+ for (i = 0; i < 16; i++, res >>= 1) {
 d->B(i) = (res & 1) ? ~0 : 0;
+ }
 } else {
 d->Q(1) = 0;
 d->Q(0) = res;
@@ -2028,11 +2030,13 @@ void glue(helper_pcmpistrm, SUFFIX) (Reg *d, Reg *s, uint32_t ctrl)
 if ((ctrl >> 6) & 1) {
 if (ctrl & 1)
- for (i = 0; i <= 8; i--, res >>= 1)
+ for (i = 0; i < 8; i++, res >>= 1) {
 d->W(i) = (res & 1) ? ~0 : 0;
+ }
 else
- for (i = 0; i <= 16; i--, res >>= 1)
+ for (i = 0; i < 16; i++, res >>= 1) {
 d->B(i) = (res & 1) ? ~0 : 0;
+ }
 } else {
 d->Q(1) = 0;
 d->Q(0) = res; |
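Review bot: The outer `if (ctrl & 1)` / `else` in both hunks stay unbraced while the loops under them now carry braces, so the nesting is easy to misread; `if (ctrl & 1) {` … `} else {` … `}` would make it consistent. The same mask-expansion loops are duplicated verbatim in helper_pcmpestrm and helper_pcmpistrm, which is presumably how one typo ended up in both, so a shared static helper would keep the loop bounds in one place. The removed `i--` loops also indexed `d->W(i)` / `d->B(i)` with a negative `i`, so the old behaviour was an out-of-bounds write into host memory as well as a hang. A regression test covering the mask-output form (bit 6 of `ctrl` set), for both word and byte element sizes, would be worth adding. Both function bodies begin and end outside the hunks.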