Fix bugs reported by Juha Riihimäki <juha.riihimaki@nokia.com>:

i) in function gen_bx_im, the last line (should be line 695 in your git HEAD) should be "tcg_gen_movi_i32..." instead of "tcg_gen_mov_i32". Otherwise BX/BLX immediate instructions will segfault QEMU. ii) you have a resource leak in disas_vfp_insn; on line 3129 in your git HEAD, you have allocated a new temporary (addr) but if the if-expression on line 3129 is true, it will not be released - I fixed this by adding a "dead_tmp(addr);" line between lines 3141 and 3142 (i.e. the last line of the if-block). iii) you have another resource issue in disas_thumb_insn; line 8306 should read "if (op != 0xf) dead_tmp(tmp);" instead of just plain "dead_tmp(tmp);" -- this is because in the above code the temporary variable tmp is not initialized if op==0xf and calling dead_tmp on it will cause problems. Signed-off-by: Filip Navara <filip.navara@gmail.com>

Fix bugs reported by Juha Riihimäki <juha.riihimaki@nokia.com>:
i) in function gen_bx_im, the last line (should be line 695 in your git HEAD) should be "tcg_gen_movi_i32..." instead of "tcg_gen_mov_i32". Otherwise BX/BLX immediate instructions will segfault QEMU. ii) you have a resource leak in disas_vfp_insn; on line 3129 in your git HEAD, you have allocated a new temporary (addr) but if the if-expression on line 3129 is true, it will not be released - I fixed this by adding a "dead_tmp(addr);" line between lines 3141 and 3142 (i.e. the last line of the if-block). iii) you have another resource issue in disas_thumb_insn; line 8306 should read "if (op != 0xf) dead_tmp(tmp);" instead of just plain "dead_tmp(tmp);" -- this is because in the above code the temporary variable tmp is not initialized if op==0xf and calling dead_tmp on it will cause problems. Signed-off-by: Filip Navara <filip.navara@gmail.com>
Filip Navara
1 parent 9bd54a4a
Showing 1 changed file with 4 additions and 2 deletions
target-arm/translate.c
@@ -692,7 +692,7 @@ static inline void gen_bx_im(DisasContext *s, uint32_t addr)
         tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUState, thumb));
         dead_tmp(tmp);
     }
-    tcg_gen_mov_i32(cpu_R[15], addr & ~1);
+    tcg_gen_movi_i32(cpu_R[15], addr & ~1);
 }
 /* Set PC and Thumb state from var.  var is marked as dead.  */
@@ -3139,6 +3139,7 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
                     gen_mov_F0_vreg(dp, rd);
                     gen_vfp_st(s, dp, addr);
                 }
+                dead_tmp(addr);
             } else {
                 /* load/store multiple */
                 if (dp)
@@ -8303,7 +8304,8 @@ static void disas_thumb_insn(CPUState *env, DisasContext *s)
         if (rd != 16) {
             if (val) {
                 store_reg(s, rm, tmp2);
-                dead_tmp(tmp);
+                if (op != 0xf)
+                    dead_tmp(tmp);
             } else {
                 store_reg(s, rd, tmp);
                 dead_tmp(tmp2);