authorRoman Bolshakov2018-12-03 11:04:14 +0100
committerPeter Maydell2018-12-03 16:09:55 +0100
commit83ea23cd207a03c5736be0231acbf7f8b05dbf52 (patch)
treef2a8f6f5caa856ce3a157936b5122f6322a86e03 /target/i386/hvf
parenti2c: Add a length check to the SMBus write handling (diff)
i386: hvf: Fix overrun of _decode_tbl1
Single opcode instructions in the ff group were incorrectly processed because an overrun of _decode_tbl1[0xff] resulted in access of _decode_tbl2[0x0]. Thus, decode_sldtgroup was called instead of decode_ffgroup: 7d71: decode_sldtgroup: 1 Unimplemented handler (7d71) for 108 (ff 0) While at it, correct the maximum length for _decode_tbl2 and _decode_tbl3. Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'target/i386/hvf')
-rw-r--r--target/i386/hvf/x86_decode.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/target/i386/hvf/x86_decode.c b/target/i386/hvf/x86_decode.c
index 2e33b69541..d125a6ef83 100644
--- a/target/i386/hvf/x86_decode.c
+++ b/target/i386/hvf/x86_decode.c
@@ -454,9 +454,9 @@ struct decode_x87_tbl {
struct decode_tbl invl_inst = {0x0, 0, 0, false, NULL, NULL, NULL, NULL,
decode_invalid};
-struct decode_tbl _decode_tbl1[255];
-struct decode_tbl _decode_tbl2[255];
-struct decode_x87_tbl _decode_tbl3[255];
+struct decode_tbl _decode_tbl1[256];
+struct decode_tbl _decode_tbl2[256];
+struct decode_x87_tbl _decode_tbl3[256];
static void decode_x87_ins(CPUX86State *env, struct x86_decode *decode)
{