RCR and RCL instructions with a count of 9 are meaningless for 8-bit operands. In the gen_RCR and gen_RCL functions, gen_rotc_mod converts a rotation of 9 to 0. But the can_be_zero flag wasn't updated, and hence we skip the immediate if branch. This causes 0 to underflow into -1 at tcg_gen_subi_tl(count, count, 1);
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3452 --- target/i386/tcg/emit.c.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc index ce636b6c5..a71af846d 100644 --- a/target/i386/tcg/emit.c.inc +++ b/target/i386/tcg/emit.c.inc @@ -3452,6 +3452,7 @@ static void gen_RCL(DisasContext *s, X86DecodedInsn *decode) low_count = tcg_temp_new(); gen_rotc_mod(ot, count); + can_be_zero = (ot == MO_8 || ot == MO_16); have_1bit_cin = gen_eflags_adcox(s, decode, true, can_be_zero); if (can_be_zero) { zero_label = gen_new_label(); @@ -3504,6 +3505,7 @@ static void gen_RCR(DisasContext *s, X86DecodedInsn *decode) high_count = tcg_temp_new(); gen_rotc_mod(ot, count); + can_be_zero = (ot == MO_8 || ot == MO_16); have_1bit_cin = gen_eflags_adcox(s, decode, true, can_be_zero); if (can_be_zero) { zero_label = gen_new_label(); -- 2.54.0
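Review bot: in the gen_RCL hunk, `can_be_zero = (ot == MO_8 || ot == MO_16);` overwrites a variable that is not declared in this hunk, so it was already computed earlier in the function (it is consumed right below by gen_eflags_adcox and the `if (can_be_zero)` branch). An unconditional assignment discards that earlier value: for MO_32/MO_64 it now forces can_be_zero to false even if the earlier logic had set it to true (for example when the count comes from a register and may be zero after the modulo), which would skip the zero check and reintroduce the same underflow for wider operands. Consider `can_be_zero |= (ot == MO_8 || ot == MO_16);` or, better, extend the existing can_be_zero computation so it accounts for gen_rotc_mod reducing the count to 0, rather than replacing it here.

Review bot: the gen_RCR hunk duplicates the exact same line as the gen_RCL hunk, and both sit immediately after `gen_rotc_mod(ot, count);`, which is the call that introduces the new zero case. Having gen_rotc_mod report whether its modulo can yield 0 (for example by returning a bool or taking `bool *can_be_zero`) would keep the rule in one place and avoid the two copies drifting apart. Also, the condition covers MO_16 while the commit message only describes the 8-bit count-of-9 case; the message should state the 16-bit case as well so the `ot == MO_16` half of the condition is documented.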
