From ec2e4544819b2ef0ecd297ba331d4f2172b77245 Mon Sep 17 00:00:00 2001
From: Chen Huitao <h980501427@163.com>
Date: Tue, 14 Jan 2020 10:08:58 +0800
Subject: [PATCH] fix some oss-fuzz (#1188)

* fix oss-fuzz 10419.

* fix oss-fuzz 10427.

* fix oss-fuzz 10421.

* fix oss-fuzz 10422.

* fix oss-fuzz 10425.

* fix oss-fuzz 10426.

* fix oss-fuzz 10426.

* fix oss-fuzz 10422.

* fix oss-fuzz  10426.

* fix oss-fuzz 10456.

* fix oss-fuzz 10428.

* fix oss-fuzz 10429.

* fix oss-fuzz 10431.

* fix oss-fuzz 10435.

* fix oss-fuzz 10430.

* fix oss-fuzz 10436.

* remove unused var.

* fix oss-fuzz 10449.

* fix oss-fuzz 10452.

* fix oss-fuzz 11792.

* fix oss-fuzz 10457.

* fix oss-fuzz 11737.

* fix oss-fuzz 10458.

* fix oss-fuzz 10565.

* fix oss-fuzz 11651.

* fix oss-fuzz 10497.

* fix oss-fuzz 10515.

* fix oss-fuzz 10586.

* fix oss-fuzz 10597.

* fiz oss-fuzz 11721.

* fix oss-fuzz 10718.

* fix oss-fuzz 15610.

* fix oss-fuzz 10512.

* fix oss-fuzz 10545.

* fix oss-fuzz 10598.

* fix oss-fuzz 11112.

* fix oss-fuzz 11589.

* fix oss-fuzz 10674.

* git fix oss-fuzz 19610.

* fix oss-fuzz 19848.

* fix oss-fuzz 19851.

* fix oss-fuzz 19852.

* fix oss-fuzz 10878.

* fix oss-fuzz 11655.

* fix oss-fuzz 19849.

* fix oss-fuzz 11765.

* fix oss-fuzz 10337.

* fix oss-fuzz 10575.

* fix oss-fuzz 19877.

* fix oss-fuzz 19895.

* fix oss-fuzz 19896.

* fix oss-fuzz 19897.

* remove verbose fprintf output.

* fix oss-fuzz 19943.

* fix oss-fuzz 20026.

* fix oss-fuzz 20027.

* fix oss-fuzz 19967.

* fix oss-fuzz 19946.
---
 qemu/fpu/softfloat-macros.h   | 4 ++--
 qemu/target-arm/neon_helper.c | 4 ++--
 qemu/target-arm/translate.c   | 4 ++--
 qemu/target-i386/ops_sse.h    | 2 +-
 qemu/target-mips/cpu.h        | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/qemu/fpu/softfloat-macros.h b/qemu/fpu/softfloat-macros.h
index 2e3c967d..2892b4fe 100644
--- a/qemu/fpu/softfloat-macros.h
+++ b/qemu/fpu/softfloat-macros.h
@@ -301,9 +301,9 @@ static inline void
      uint64_t a0, uint64_t a1, int_fast16_t count, uint64_t *z0Ptr, uint64_t *z1Ptr)
 {
 
-    *z1Ptr = a1<<count;
+    *z1Ptr = a1<<(count & 0x3f);
     *z0Ptr =
-        ( count == 0 ) ? a0 : ( a0<<count ) | ( a1>>( ( - count ) & 63 ) );
+        ( count == 0 ) ? a0 : ( a0<<(count & 0x3f) ) | ( a1>>( ( - count ) & 63 ) );
 
 }
 
diff --git a/qemu/target-arm/neon_helper.c b/qemu/target-arm/neon_helper.c
index f2c05cb4..1426decd 100644
--- a/qemu/target-arm/neon_helper.c
+++ b/qemu/target-arm/neon_helper.c
@@ -867,7 +867,7 @@ uint64_t HELPER(neon_qshl_u64)(CPUARMState *env, uint64_t val, uint64_t shiftop)
     } else if (tmp < 0) { \
         dest = src1 >> -tmp; \
     } else { \
-        dest = src1 << tmp; \
+        dest = (uint32_t)src1 << tmp; \
         if ((dest >> tmp) != src1) { \
             SET_QC(); \
             dest = (uint32_t)(1 << (sizeof(src1) * 8 - 1)); \
@@ -1170,7 +1170,7 @@ NEON_VOP(sub_u8, neon_u8, 4)
 NEON_VOP(sub_u16, neon_u16, 2)
 #undef NEON_FN
 
-#define NEON_FN(dest, src1, src2) dest = src1 * src2
+#define NEON_FN(dest, src1, src2) dest = (int64_t)src1 * src2
 NEON_VOP(mul_u8, neon_u8, 4)
 NEON_VOP(mul_u16, neon_u16, 2)
 #undef NEON_FN
diff --git a/qemu/target-arm/translate.c b/qemu/target-arm/translate.c
index db7aec59..31f0327a 100644
--- a/qemu/target-arm/translate.c
+++ b/qemu/target-arm/translate.c
@@ -132,7 +132,7 @@ static void load_reg_var(DisasContext *s, TCGv_i32 var, int reg)
             addr = (long)s->pc + 4;
         tcg_gen_movi_i32(tcg_ctx, var, addr);
     } else {
-        tcg_gen_mov_i32(tcg_ctx, var, tcg_ctx->cpu_R[(reg & 0x0f)]);
+        tcg_gen_mov_i32(tcg_ctx, var, tcg_ctx->cpu_R[reg & 0x0f]);
     }
 }
 
@@ -154,7 +154,7 @@ static void store_reg(DisasContext *s, int reg, TCGv_i32 var)
         tcg_gen_andi_i32(tcg_ctx, var, var, ~1);
         s->is_jmp = DISAS_JUMP;
     }
-    tcg_gen_mov_i32(tcg_ctx, tcg_ctx->cpu_R[reg], var);
+    tcg_gen_mov_i32(tcg_ctx, tcg_ctx->cpu_R[reg & 0x0f], var);
     tcg_temp_free_i32(tcg_ctx, var);
 }
 
diff --git a/qemu/target-i386/ops_sse.h b/qemu/target-i386/ops_sse.h
index 5c0301d8..2b009c71 100644
--- a/qemu/target-i386/ops_sse.h
+++ b/qemu/target-i386/ops_sse.h
@@ -876,7 +876,7 @@ static inline uint64_t helper_insertq(uint64_t src, int shift, int len)
     } else {
         mask = (1ULL << (len & 0x3f)) - 1;
     }
-    return (src & ~(mask << shift)) | ((src & mask) << shift);
+    return (src & ~(mask << (shift & 0x3f))) | ((src & mask) << (shift & 0x3f));
 }
 
 void helper_insertq_r(CPUX86State *env, XMMReg *d, XMMReg *s)
diff --git a/qemu/target-mips/cpu.h b/qemu/target-mips/cpu.h
index 819b9447..df4ec2b5 100644
--- a/qemu/target-mips/cpu.h
+++ b/qemu/target-mips/cpu.h
@@ -113,8 +113,8 @@ struct CPUMIPSFPUContext {
 #define FCR0_REV 0
     /* fcsr */
     uint32_t fcr31;
-#define SET_FP_COND(num,env)     do { ((env).fcr31) |= ((num) ? ((int)(1U << ((num) + 24))) : (1 << 23)); } while(0)
-#define CLEAR_FP_COND(num,env)   do { ((env).fcr31) &= ~((num) ? ((int)(1U << ((num) + 24))) : (1 << 23)); } while(0)
+#define SET_FP_COND(num,env)     do { ((env).fcr31) |= ((num) ? ((int)(1U << (((num) + 24) & 0x1f))) : (1 << 23)); } while(0)
+#define CLEAR_FP_COND(num,env)   do { ((env).fcr31) &= ~((num) ? ((int)(1U << (((num) + 24) & 0x1f))) : (1 << 23)); } while(0)
 #define GET_FP_COND(env)         ((((env).fcr31 >> 24) & 0xfe) | (((env).fcr31 >> 23) & 0x1))
 #define GET_FP_CAUSE(reg)        (((reg) >> 12) & 0x3f)
 #define GET_FP_ENABLE(reg)       (((reg) >>  7) & 0x1f)