diff options
author | Roman Bolshakov | 2018-12-03 11:04:14 +0100 |
---|---|---|
committer | Peter Maydell | 2018-12-03 16:09:55 +0100 |
commit | 83ea23cd207a03c5736be0231acbf7f8b05dbf52 (patch) | |
tree | f2a8f6f5caa856ce3a157936b5122f6322a86e03 /target/i386/hvf | |
parent | i2c: Add a length check to the SMBus write handling (diff) | |
download | qemu-83ea23cd207a03c5736be0231acbf7f8b05dbf52.tar.gz qemu-83ea23cd207a03c5736be0231acbf7f8b05dbf52.tar.xz qemu-83ea23cd207a03c5736be0231acbf7f8b05dbf52.zip |
i386: hvf: Fix overrun of _decode_tbl1
Single opcode instructions in ff group were incorrectly processed
because an overrun of _decode_tbl1[0xff] resulted in access of
_decode_tbl2[0x0]. Thus, decode_sldtgroup was called instead of
decode_ffgroup:
7d71: decode_sldtgroup: 1
Unimplemented handler (7d71) for 108 (ff 0)
While at it correct maximum length for _decode_tbl2 and _decode_tbl3.
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target/i386/hvf')
-rw-r--r-- | target/i386/hvf/x86_decode.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/target/i386/hvf/x86_decode.c b/target/i386/hvf/x86_decode.c index 2e33b69541..d125a6ef83 100644 --- a/target/i386/hvf/x86_decode.c +++ b/target/i386/hvf/x86_decode.c @@ -454,9 +454,9 @@ struct decode_x87_tbl { struct decode_tbl invl_inst = {0x0, 0, 0, false, NULL, NULL, NULL, NULL, decode_invalid}; -struct decode_tbl _decode_tbl1[255]; -struct decode_tbl _decode_tbl2[255]; -struct decode_x87_tbl _decode_tbl3[255]; +struct decode_tbl _decode_tbl1[256]; +struct decode_tbl _decode_tbl2[256]; +struct decode_x87_tbl _decode_tbl3[256]; static void decode_x87_ins(CPUX86State *env, struct x86_decode *decode) { |