Commit faf7aaa9183d5f2029ada291837a8716e9be127b
1 parent
8df1ca4b
Avoid gen_opc_buf overflow.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4731 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
1 changed file
with
6 additions
and
2 deletions
target-mips/translate.c
| ... | ... | @@ -7229,7 +7229,8 @@ gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb, |
| 7229 | 7229 | fprintf (logfile, "search pc %d\n", search_pc); |
| 7230 | 7230 | |
| 7231 | 7231 | pc_start = tb->pc; |
| 7232 | - gen_opc_end = gen_opc_buf + OPC_MAX_SIZE; | |
| 7232 | + /* Leave some spare opc slots for branch handling. */ | |
| 7233 | + gen_opc_end = gen_opc_buf + OPC_MAX_SIZE - 16; | |
| 7233 | 7234 | ctx.pc = pc_start; |
| 7234 | 7235 | ctx.saved_pc = -1; |
| 7235 | 7236 | ctx.tb = tb; |
| ... | ... | @@ -7254,7 +7255,7 @@ gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb, |
| 7254 | 7255 | fprintf(logfile, "\ntb %p idx %d hflags %04x\n", |
| 7255 | 7256 | tb, ctx.mem_idx, ctx.hflags); |
| 7256 | 7257 | #endif |
| 7257 | - while (ctx.bstate == BS_NONE && gen_opc_ptr < gen_opc_end) { | |
| 7258 | + while (ctx.bstate == BS_NONE) { | |
| 7258 | 7259 | if (env->nb_breakpoints > 0) { |
| 7259 | 7260 | for(j = 0; j < env->nb_breakpoints; j++) { |
| 7260 | 7261 | if (env->breakpoints[j] == ctx.pc) { |
| ... | ... | @@ -7290,6 +7291,9 @@ gen_intermediate_code_internal (CPUState *env, TranslationBlock *tb, |
| 7290 | 7291 | if ((ctx.pc & (TARGET_PAGE_SIZE - 1)) == 0) |
| 7291 | 7292 | break; |
| 7292 | 7293 | |
| 7294 | + if (gen_opc_ptr >= gen_opc_end) | |
| 7295 | + break; | |
| 7296 | + | |
| 7293 | 7297 | #if defined (MIPS_SINGLE_STEP) |
| 7294 | 7298 | break; |
| 7295 | 7299 | #endif | ... | ... |