From 17cfef0e5687a1e71cbfded1a203e74020c2f996 Mon Sep 17 00:00:00 2001
From: Chen Huitao
Date: Fri, 22 May 2020 21:58:39 +0800
Subject: [PATCH] fix some oss-fuzz (#1259)
* fix oss-fuzz 22107.
* fix oss-fuzz 22112.
* clean up build target.
* fix oss-fuzz 22226.
* fix oss-fuzz 22227.
* fix oss-fuzz 11640.
* fix oss-fuzz 20772.
* remove warning.
* fix oss-fuzz 10459.
---
 qemu/fpu/softfloat.c | 17 +++++++++++++++++
 qemu/target-arm/translate-a64.c | 6 +++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/qemu/fpu/softfloat.c b/qemu/fpu/softfloat.c
index d2651815..3bc69662 100644
--- a/qemu/fpu/softfloat.c
+++ b/qemu/fpu/softfloat.c
@@ -124,7 +124,9 @@ static int32 roundAndPackInt32( flag zSign, uint64_t absZ STATUS_PARAM)
 roundIncrement = zSign ? 0x7f : 0;
 break;
 default:
+ roundIncrement = 0;
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 roundBits = absZ & 0x7F;
 absZ = ( absZ + roundIncrement )>>7;
@@ -175,7 +177,9 @@ static int64 roundAndPackInt64( flag zSign, uint64_t absZ0, uint64_t absZ1 STATU
 increment = zSign && absZ1;
 break;
 default:
+ increment = 0;
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if ( increment ) {
 ++absZ0;
@@ -229,7 +233,9 @@ static int64 roundAndPackUint64(flag zSign, uint64_t absZ0,
 increment = zSign && absZ1;
 break;
 default:
+ increment = 0;
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if (increment) {
 ++absZ0;
@@ -568,6 +574,7 @@ static float64 roundAndPackFloat64(flag zSign, int_fast16_t zExp, uint64_t zSig
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 roundBits = zSig & 0x3FF;
 if ( 0x7FD <= (uint16_t) zExp ) {
@@ -752,6 +759,7 @@ static floatx80
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 roundBits = zSig0 & roundMask;
 if ( 0x7FFD <= (uint32_t) ( zExp - 1 ) ) {
@@ -814,6 +822,7 @@ static floatx80
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if ( 0x7FFD <= (uint32_t) ( zExp - 1 ) ) {
 if ( ( 0x7FFE < zExp )
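Review bot: The added `roundIncrement = 0;` in the default arm of roundAndPackInt32 closes the uninitialized read, but it also makes an out-of-range rounding mode silently behave like float_round_to_zero with only float_flag_invalid recorded, and nothing in the hunk says that is deliberate. Upstream softfloat aborts here; since this fork's `STATUS(float_rounding_mode)` is presumably reachable from guest-written FP control state (not visible in the hunk), continuing is the right call for an emulator, but the choice deserves a comment so it is not "fixed" back to abort() later: `/* Unknown rounding mode (guest/fuzzer controlled): flag invalid and truncate instead of aborting the emulator. */`. The trailing `break;` after float_raise is harmless since default is the last arm. roundAndPackInt32 starts outside the hunk.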
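Review bot: In the `@@ -568,6 +574,7 @@` hunk (roundAndPackFloat64) the default arm still only calls float_raise and now breaks out of the switch without assigning `roundIncrement`, whereas the roundAndPackInt32/roundAndPackInt64/roundAndPackUint64 hunks of this same patch add an explicit `= 0` for exactly that case. Unless `roundIncrement` is initialized at its declaration (outside the hunk), an invalid rounding mode here presumably reaches the rounding arithmetic below `roundBits = zSig & 0x3FF;` with an indeterminate value — the same uninitialized-use class the oss-fuzz reports in the title are about. Suggest mirroring the integer hunks with `roundIncrement = 0;` directly before `float_raise(float_flag_invalid STATUS_VAR);`. The enclosing function starts and ends outside the hunk.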
@@ -859,6 +868,7 @@ static floatx80
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if ( increment ) {
 ++zSig0;
@@ -1074,6 +1084,7 @@ static float128
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 if ( 0x7FFD <= (uint32_t) zExp ) {
 if ( ( 0x7FFD < zExp )
@@ -1137,6 +1148,7 @@ static float128
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 }
 }
@@ -1857,6 +1869,7 @@ float32 float32_round_to_int( float32 a STATUS_PARAM)
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z &= ~ roundBitsMask;
 if ( z != float32_val(a) ) STATUS(float_exception_flags) |= float_flag_inexact;
@@ -3589,6 +3602,7 @@ float64 float64_round_to_int( float64 a STATUS_PARAM )
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z &= ~ roundBitsMask;
 if ( z != float64_val(a) )
@@ -4937,6 +4951,7 @@ floatx80 floatx80_round_to_int( floatx80 a STATUS_PARAM )
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z.low &= ~ roundBitsMask;
 if ( z.low == 0 ) {
@@ -6058,6 +6073,7 @@ float128 float128_round_to_int( float128 a STATUS_PARAM )
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z.low &= ~ roundBitsMask;
 }
@@ -6122,6 +6138,7 @@ float128 float128_round_to_int( float128 a STATUS_PARAM )
 break;
 default:
 float_raise(float_flag_invalid STATUS_VAR);
+ break;
 }
 z.high &= ~ roundBitsMask;
 }
diff --git a/qemu/target-arm/translate-a64.c b/qemu/target-arm/translate-a64.c
index a6e0a8ec..52337b9f 100644
--- a/qemu/target-arm/translate-a64.c
+++ b/qemu/target-arm/translate-a64.c
@@ -883,6 +883,7 @@ static void write_vec_element(DisasContext *s, TCGv_i64 tcg_src, int destidx,
 {
 TCGContext *tcg_ctx = s->uc->tcg_ctx;
 int vect_off = vec_reg_offset(s, destidx, element, memop & MO_SIZE);
+ CPUState *cs;
 switch (memop) {
 case MO_8:
 tcg_gen_st8_i64(tcg_ctx, tcg_src, tcg_ctx->cpu_env, vect_off);
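Review bot: In the `@@ -859,6 +868,7 @@` hunk the line right after the switch is `if ( increment ) {`, but the default arm only raises float_flag_invalid and (now) breaks without assigning `increment` — the very situation the roundAndPackInt64/roundAndPackUint64 hunks of this patch fix by adding `increment = 0;`. If `increment` has no initializer at its declaration (not visible here), an invalid rounding mode makes that `if` read an indeterminate value; the roundAndPackFloat128 hunks at -1074 and -1137 look like the same pattern, with their `increment` presumably consumed further down. Suggest `increment = 0;` before `float_raise(float_flag_invalid STATUS_VAR);` in each of those default arms, so every rounding-mode switch in the file degrades to truncation the same way. The enclosing functions start and end outside the hunks.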
@@ -897,7 +898,10 @@ static void write_vec_element(DisasContext *s, TCGv_i64 tcg_src, int destidx,
 tcg_gen_st_i64(tcg_ctx, tcg_src, tcg_ctx->cpu_env, vect_off);
 break;
 default:
- g_assert_not_reached();
+ cs = CPU(s->uc->cpu);
+ cs->exception_index = EXCP_UDEF;
+ cpu_loop_exit(cs);
+ break;
 }
 }
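Review bot: The new default arm calls `cpu_loop_exit(cs)` from inside the translator — write_vec_element is emitting TCG ops (`tcg_gen_st_i64` two lines above), so this longjmps out of the middle of building a translation block instead of making the guest instruction fault when executed, and unless this fork deliberately unwinds translation that way it abandons the partially generated TB and any live TCG temporaries. The translator-side idiom for an undefined encoding is to emit the fault into the generated code and stop decoding, e.g. `unallocated_encoding(s); return;` (presumably available in this file, generating EXCP_UDEF at run time), which also removes the dead `break;` after the noreturn `cpu_loop_exit(cs)`. Note too that the removed `g_assert_not_reached()` documented `memop` as a translator invariant — callers pass sizes from already-decoded fields — so reaching this arm points to a decoder bug that this change masks rather than fixes; a comment naming the fuzz case it addresses, e.g. `/* reached with a memop the decoder should have rejected; see oss-fuzz report in commit */`, would keep that visible. write_vec_element starts outside this hunk.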