yizhi-js-lib/favicon-trap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix some oss-fuzz bugs (#1182)

Browse Source 
* fix oss-fuzz 10419.

* fix oss-fuzz 10427.

* fix oss-fuzz 10421.

* fix oss-fuzz 10422.

* fix oss-fuzz 10425.

* fix oss-fuzz 10426.

* fix oss-fuzz 10426.

* fix oss-fuzz 10422.

* fix oss-fuzz  10426.

* fix oss-fuzz 10456.

* fix oss-fuzz 10428.

* fix oss-fuzz 10429.

* fix oss-fuzz 10431.

* fix oss-fuzz 10435.

* fix oss-fuzz 10430.

* fix oss-fuzz 10436.

* remove unused var.

* fix oss-fuzz 10449.

* fix oss-fuzz 10452.

* fix oss-fuzz 11792.

* fix oss-fuzz 10457.

* fix oss-fuzz 11737.

* fix oss-fuzz 10458.

* fix oss-fuzz 10565.

* fix oss-fuzz 11651.

* fix oss-fuzz 10497.

* fix oss-fuzz 10515.

* fix oss-fuzz 10586.

* fix oss-fuzz 10597.

* fiz oss-fuzz 11721.

* fix oss-fuzz 10718.

* fix oss-fuzz 15610.

* fix oss-fuzz 10512.

* fix oss-fuzz 10545.
This commit is contained in:
Chen Huitao
2020-01-05 19:20:29 +08:00
committed by Nguyen Anh Quynh
parent 68eb357984
commit 8621bca537
14 changed files with 31 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
qemu/target-mips/cpu.h
View File

@ -113,8 +113,8 @@ struct CPUMIPSFPUContext {
#define FCR0_REV 0
/* fcsr */
uint32_t fcr31;
#define SET_FP_COND(num,env) do { ((env).fcr31) |= ((num) ? (1 << ((num) + 24)) : (1 << 23)); } while(0)
#define CLEAR_FP_COND(num,env) do { ((env).fcr31) &= ~((num) ? (1 << ((num) + 24)) : (1 << 23)); } while(0)
#define SET_FP_COND(num,env) do { ((env).fcr31) |= ((num) ? ((int)(1U << ((num) + 24))) : (1 << 23)); } while(0)
#define CLEAR_FP_COND(num,env) do { ((env).fcr31) &= ~((num) ? ((int)(1U << ((num) + 24))) : (1 << 23)); } while(0)
#define GET_FP_COND(env) ((((env).fcr31 >> 24) & 0xfe) | (((env).fcr31 >> 23) & 0x1))
#define GET_FP_CAUSE(reg) (((reg) >> 12) & 0x3f)
#define GET_FP_ENABLE(reg) (((reg) >> 7) & 0x1f)

12
qemu/target-mips/op_helper.c
View File

@ -1301,7 +1301,7 @@ void helper_mtc0_pagemask(CPUMIPSState *env, target_ulong arg1)
(mask == 0x0000 || mask == 0x0003 || mask == 0x000F ||
mask == 0x003F || mask == 0x00FF || mask == 0x03FF ||
mask == 0x0FFF || mask == 0x3FFF || mask == 0xFFFF)) {
env->CP0_PageMask = arg1 & (0x1FFFFFFF & (TARGET_PAGE_MASK << 1));
env->CP0_PageMask = arg1 & (0x1FFFFFFF & (((unsigned int)TARGET_PAGE_MASK) << 1));
}
}
@ -1375,7 +1375,7 @@ void helper_mtc0_count(CPUMIPSState *env, target_ulong arg1)
void helper_mtc0_entryhi(CPUMIPSState *env, target_ulong arg1)
{
target_ulong old, val, mask;
mask = (TARGET_PAGE_MASK << 1) | 0xFF;
mask = (((unsigned int)TARGET_PAGE_MASK) << 1) | 0xFF;
if (((env->CP0_Config4 >> CP0C4_IE) & 0x3) >= 2) {
mask |= 1 << CP0EnHi_EHINV;
}
@ -1911,7 +1911,7 @@ static void r4k_fill_tlb(CPUMIPSState *env, int idx)
return;
}
tlb->EHINV = 0;
tlb->VPN = env->CP0_EntryHi & (TARGET_PAGE_MASK << 1);
tlb->VPN = env->CP0_EntryHi & (((unsigned int)TARGET_PAGE_MASK) << 1);
#if defined(TARGET_MIPS64)
tlb->VPN &= env->SEGMask;
#endif
@ -1967,7 +1967,7 @@ void r4k_helper_tlbwi(CPUMIPSState *env)
idx = (env->CP0_Index & ~0x80000000) % env->tlb->nb_tlb;
tlb = &env->tlb->mmu.r4k.tlb[idx];
VPN = env->CP0_EntryHi & (TARGET_PAGE_MASK << 1);
VPN = env->CP0_EntryHi & (((unsigned int)TARGET_PAGE_MASK) << 1);
#if defined(TARGET_MIPS64)
VPN &= env->SEGMask;
#endif
@ -2011,7 +2011,7 @@ void r4k_helper_tlbp(CPUMIPSState *env)
for (i = 0; i < env->tlb->nb_tlb; i++) {
tlb = &env->tlb->mmu.r4k.tlb[i];
/* 1k pages are not supported. */
mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
mask = tlb->PageMask | ~(((unsigned int)TARGET_PAGE_MASK) << 1);
tag = env->CP0_EntryHi & ~mask;
VPN = tlb->VPN & ~mask;
#if defined(TARGET_MIPS64)
@ -2029,7 +2029,7 @@ void r4k_helper_tlbp(CPUMIPSState *env)
for (i = env->tlb->nb_tlb; i < env->tlb->tlb_in_use; i++) {
tlb = &env->tlb->mmu.r4k.tlb[i];
/* 1k pages are not supported. */
mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
mask = tlb->PageMask | ~(((unsigned int)TARGET_PAGE_MASK) << 1);
tag = env->CP0_EntryHi & ~mask;
VPN = tlb->VPN & ~mask;
#if defined(TARGET_MIPS64)

4
qemu/target-mips/translate.c
View File

@ -11157,7 +11157,7 @@ static int decode_extended_mips16_opc (CPUMIPSState *env, DisasContext *ctx)
gen_addiupc(ctx, rx, imm, 0, 1);
break;
case M16_OPC_B:
gen_compute_branch(ctx, OPC_BEQ, 4, 0, 0, offset << 1, 0);
gen_compute_branch(ctx, OPC_BEQ, 4, 0, 0, (uint16_t)offset << 1, 0);
/* No delay slot, so just process as a normal instruction */
break;
case M16_OPC_BEQZ:
@ -15331,7 +15331,7 @@ static void gen_mipsdsp_bitinsn(DisasContext *ctx, uint32_t op1, uint32_t op2,
imm = (ctx->opcode >> 16) & 0x03FF;
imm = (int16_t)(imm << 6) >> 6;
tcg_gen_movi_tl(tcg_ctx, *cpu_gpr[ret], \
(target_long)((int32_t)imm << 16 | \
(target_long)((int32_t)((uint32_t)imm << 16) | \
(uint16_t)imm));
}
break;