From 901efc4bd45bffa7fae58a06a90949b070ed7303 Mon Sep 17 00:00:00 2001 From: Chen Huitao Date: Mon, 10 Feb 2020 22:33:01 +0800 Subject: [PATCH] fix some oss-fuzz (#1200) * fix oss-fuzz 10419. * fix oss-fuzz 10427. * fix oss-fuzz 10421. * fix oss-fuzz 10422. * fix oss-fuzz 10425. * fix oss-fuzz 10426. * fix oss-fuzz 10426. * fix oss-fuzz 10422. * fix oss-fuzz 10426. * fix oss-fuzz 10456. * fix oss-fuzz 10428. * fix oss-fuzz 10429. * fix oss-fuzz 10431. * fix oss-fuzz 10435. * fix oss-fuzz 10430. * fix oss-fuzz 10436. * remove unused var. * fix oss-fuzz 10449. * fix oss-fuzz 10452. * fix oss-fuzz 11792. * fix oss-fuzz 10457. * fix oss-fuzz 11737. * fix oss-fuzz 10458. * fix oss-fuzz 10565. * fix oss-fuzz 11651. * fix oss-fuzz 10497. * fix oss-fuzz 10515. * fix oss-fuzz 10586. * fix oss-fuzz 10597. * fiz oss-fuzz 11721. * fix oss-fuzz 10718. * fix oss-fuzz 15610. * fix oss-fuzz 10512. * fix oss-fuzz 10545. * fix oss-fuzz 10598. * fix oss-fuzz 11112. * fix oss-fuzz 11589. * fix oss-fuzz 10674. * git fix oss-fuzz 19610. * fix oss-fuzz 19848. * fix oss-fuzz 19851. * fix oss-fuzz 19852. * fix oss-fuzz 10878. * fix oss-fuzz 11655. * fix oss-fuzz 19849. * fix oss-fuzz 11765. * fix oss-fuzz 10337. * fix oss-fuzz 10575. * fix oss-fuzz 19877. * fix oss-fuzz 19895. * fix oss-fuzz 19896. * fix oss-fuzz 19897. * remove verbose fprintf output. * fix oss-fuzz 19943. * fix oss-fuzz 20026. * fix oss-fuzz 20027. * fix oss-fuzz 19967. * fix oss-fuzz 19946. * fix oss-fuzz 20069. * fix oss-fuzz 20071. * fix oss-fuzz 20073. * fix oss-fuzz 20075. * fix oss-fuzz 20076. * fix a operation mistake. * fix oss-fuzz 20101. * fix oss-fuzz 20152. * fix oss-fuzz 20101. * fix oss-fuzz 20154. * fix oss-fuzz 20166. * fix oss-fuzz 14042. * fix oss-fuzz 10578. * fix oss-fuzz 11328. * fix oss-fuzz 10602. --- qemu/cputlb.c | 5 +++++ qemu/target-i386/ops_sse.h | 5 ++++- qemu/tcg/optimize.c | 3 +++ qemu/tcg/tcg.c | 3 +++ 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/qemu/cputlb.c b/qemu/cputlb.c index 87f14f75..fd0bb806 100644 --- a/qemu/cputlb.c +++ b/qemu/cputlb.c @@ -295,6 +295,11 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr) page_index = (addr >> TARGET_PAGE_BITS) & (CPU_TLB_SIZE - 1); mmu_idx = cpu_mmu_index(env1); + + if ((mmu_idx < 0) || (mmu_idx >= NB_MMU_MODES)) { + return -1; + } + if (unlikely(env1->tlb_table[mmu_idx][page_index].addr_code != (addr & TARGET_PAGE_MASK))) { cpu_ldub_code(env1, addr); diff --git a/qemu/target-i386/ops_sse.h b/qemu/target-i386/ops_sse.h index e5fa7c7f..f142f335 100644 --- a/qemu/target-i386/ops_sse.h +++ b/qemu/target-i386/ops_sse.h @@ -1941,7 +1941,7 @@ SSE_HELPER_Q(helper_pcmpgtq, FCMPGTQ) static inline int pcmp_elen(CPUX86State *env, int reg, uint32_t ctrl) { - int val; + unsigned int val; /* Presence of REX.W is indicated by a bit higher than 7 set */ if (ctrl >> 8) { @@ -1959,6 +1959,9 @@ static inline int pcmp_elen(CPUX86State *env, int reg, uint32_t ctrl) return 16; } } + if (val == 0x80000000) { + val = 0; + } return val; } diff --git a/qemu/tcg/optimize.c b/qemu/tcg/optimize.c index d525f15b..fcf7a90a 100644 --- a/qemu/tcg/optimize.c +++ b/qemu/tcg/optimize.c @@ -1370,6 +1370,9 @@ static TCGArg *tcg_constant_folding(TCGContext *s, uint16_t *tcg_opc_ptr, } else { do_reset_output: for (i = 0; i < nb_oargs; i++) { + if (args[i] < 0 || args[i] >= TCG_MAX_TEMPS) { + continue; + } reset_temp(s, args[i]); /* Save the corresponding known-zero bits mask for the first output argument (only one supported so far). */ diff --git a/qemu/tcg/tcg.c b/qemu/tcg/tcg.c index 93a327e8..b438b7e2 100644 --- a/qemu/tcg/tcg.c +++ b/qemu/tcg/tcg.c @@ -1719,6 +1719,9 @@ static void tcg_liveness_analysis(TCGContext *s) implies side effects */ if (!(def->flags & TCG_OPF_SIDE_EFFECTS) && nb_oargs != 0) { for(i = 0; i < nb_oargs; i++) { + if (args[i] < 0 || args[i] >= TCG_MAX_TEMPS) { + continue; + } arg = args[i]; if (!dead_temps[arg] || mem_temps[arg]) { goto do_not_remove;