From f435efd4a77440809ae8841829b15223dbcd99d8 Mon Sep 17 00:00:00 2001
From: Chen Huitao
Date: Tue, 5 May 2020 11:11:59 +0800
Subject: [PATCH] fix some oss-fuzz (#1249)

* fix oss-fuzz 21012.
* fix oss-fuzz 21741.
* fix oss-fuzz 21743.
---
 qemu/target-arm/neon_helper.c | 2 +-
 qemu/target-i386/ops_sse.h    | 2 +-
 qemu/tcg/optimize.c           | 3 +++
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/qemu/target-arm/neon_helper.c b/qemu/target-arm/neon_helper.c
index dc8fb3fd..5376c5c5 100644
--- a/qemu/target-arm/neon_helper.c
+++ b/qemu/target-arm/neon_helper.c
@@ -855,7 +855,7 @@ uint64_t HELPER(neon_qshl_u64)(CPUARMState *env, uint64_t val, uint64_t shiftop)
         if (tmp >= (ssize_t)sizeof(src1) * 8) { \
             if (src1) { \
                 SET_QC(); \
-                dest = (uint32_t)(1 << (sizeof(src1) * 8 - 1)); \
+                dest = (uint32_t)(1U << (sizeof(src1) * 8 - 1)); \
                 if (src1 > 0) { \
                     dest--; \
                 } \
diff --git a/qemu/target-i386/ops_sse.h b/qemu/target-i386/ops_sse.h
index 916f83e9..290a0d23 100644
--- a/qemu/target-i386/ops_sse.h
+++ b/qemu/target-i386/ops_sse.h
@@ -441,7 +441,7 @@ void glue(helper_pmaddwd, SUFFIX)(CPUX86State *env, Reg *d, Reg *s)
 #if SHIFT == 0
 static inline int abs1(int a)
 {
-    if (a < 0) {
+    if (a < 0 && a != 0x80000000) {
         return -a;
     } else {
         return a;
diff --git a/qemu/tcg/optimize.c b/qemu/tcg/optimize.c
index cb9626de..6793761a 100644
--- a/qemu/tcg/optimize.c
+++ b/qemu/tcg/optimize.c
@@ -550,6 +550,9 @@ static TCGArg *tcg_constant_folding(TCGContext *s, uint16_t *tcg_opc_ptr,
     reset_all_temps(s, nb_temps);
 
     nb_ops = tcg_opc_ptr - s->gen_opc_buf;
+    if (nb_ops > OPC_BUF_SIZE) {
+        return NULL;
+    }
     gen_args = args;
     for (op_index = 0; op_index < nb_ops; op_index++) {
         TCGOpcode op = s->gen_opc_buf[op_index];
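Review bot: The same `1 << (sizeof(src1) * 8 - 1)` expression most likely appears a second time further down in this saturating-shift macro, in the overflow branch that follows the in-range `dest = src1 << tmp` case (that is how the upstream QEMU macro is written), and that occurrence would still left-shift a signed `1` into the sign bit for the 32-bit instantiation; the `1U` fix should be applied there as well. The macro definition starts before and ends after this hunk, so the second occurrence is not visible here and should be confirmed in the file. A short comment on the fixed line, `/* 1U: shifting a signed 1 into the sign bit is undefined behaviour */`, would stop the suffix from being dropped by a later cleanup.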
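Review bot: `0x80000000` does not fit in `int`, so the literal has type `unsigned int` and `a != 0x80000000` is evaluated after converting `a` to unsigned; the comparison happens to work but it trips -Wsign-compare and hides what is being tested. Compare against the named limit instead, `if (a < 0 && a != INT_MIN) {` (from `<limits.h>`, if the header is not already reachable here). A comment above the condition should state that negating INT_MIN overflows, which is undefined in C, and that the value is therefore passed through unchanged, matching what the PABS instructions produce for the minimum value.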
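Review bot: Returning NULL is a new failure mode for `tcg_constant_folding`, and its caller presumably stores the result straight into the context's operand pointer without checking it (the function body continues past the hunk and the caller is outside this patch), so confirm that every caller handles a NULL return or the bad-trace path just crashes later instead of here. The guard also runs after the fact: if `tcg_opc_ptr` can point more than OPC_BUF_SIZE entries past `gen_opc_buf`, the translator already wrote out of bounds, so this only keeps the optimizer from reading the overrun and the emit path is where the bound belongs. A comment on the new lines, `/* gen_opc_buf was overrun by the translator; bail out rather than read past it */`, would record that this is a defensive exit rather than a normal result.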