On 30 January 2015 at 12:59, Kirill Batuzov <batuz...@ispras.ru> wrote:
> The documentation states that if LSB > MSB in BFI instruction behaviour
> is unpredictable. Currently QEMU crashes because of assertion failure in
> this case:
>
> tcg/tcg-op.h:2061: tcg_gen_deposit_i32: Assertion `len <= 32' failed.
>
> While assertion failure may meet the "unpredictable" definition this
> behaviour is undesirable because it allows an unprivileged guest program
> to crash the emulator with the OS and other programs.
>
> This patch addresses the issue by throwing an illegal instruction exception
> if LSB > MSB. Only the ARM decoder is affected because the Thumb decoder already
> has this check in place.
>
> To reproduce the issue run the following program
>
> int main(void) {
>     asm volatile (".long 0x07c00c12" :: );
>     return 0;
> }
>
> compiled with
>
> gcc -marm -static badop_arm.c -o badop_arm
>
> Signed-off-by: Kirill Batuzov <batuz...@ispras.ru>
Applied to target-arm.next, thanks.

-- PMM
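The following is an added illustration, not QEMU's decoder and not part of the thread: it extracts the msb/lsb fields of an A32 BFI/BFC word (field layout cond:4, 0111110, msb:5, Rd:4, lsb:5, 001, Rn:4 per the A32 encoding), shows why the report's word 0x07c00c12 yields a deposit length that wraps past 32, and models the fix by refusing the LSB > MSB case as UNDEFINED instead of asserting. The reference-model semantics (`bfi_apply`) and all names are this example's own assumptions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Decoded fields of an A32 BFI/BFC instruction word. */
typedef struct {
    unsigned cond, msb, rd, lsb, rn;
    bool is_bfi;        /* Rn == 15 encodes BFC rather than BFI */
    bool unpredictable; /* lsb > msb: architecturally UNPREDICTABLE */
} bfi_fields;

/* Return true if the word belongs to the BFI/BFC encoding group. */
static bool bfi_decode(uint32_t insn, bfi_fields *f) {
    /* bits 27..21 must be 0111110 and bits 6..4 must be 001 */
    if (((insn >> 21) & 0x7f) != 0x3e || ((insn >> 4) & 0x7) != 0x1)
        return false;
    f->cond = insn >> 28;
    f->msb  = (insn >> 16) & 0x1f;
    f->rd   = (insn >> 12) & 0xf;
    f->lsb  = (insn >> 7) & 0x1f;
    f->rn   = insn & 0xf;
    f->is_bfi = (f->rn != 15);
    f->unpredictable = (f->lsb > f->msb);
    return true;
}

/* Deposit width. With lsb > msb this unsigned expression wraps to a huge
   value, which is exactly what tripped the `len <= 32' assertion. */
static unsigned bfi_deposit_len(const bfi_fields *f) {
    return f->msb + 1 - f->lsb;
}

/* Host-side reference model of the field insert. Returns false, leaving
   rd_val untouched, for the UNPREDICTABLE encoding: this is the point where
   the emulator should raise UNDEFINED to the guest instead of aborting. */
static bool bfi_apply(const bfi_fields *f, uint32_t *rd_val, uint32_t rn_val) {
    if (f->unpredictable)
        return false;
    unsigned len = bfi_deposit_len(f);
    uint32_t mask = (len == 32) ? 0xffffffffu : ((1u << len) - 1) << f->lsb;
    uint32_t src = f->is_bfi ? rn_val : 0;   /* BFC clears the field */
    *rd_val = (*rd_val & ~mask) | ((src << f->lsb) & mask);
    return true;
}

int main(void) {
    bfi_fields f;
    /* The reproducer word from the report decodes to msb=0, lsb=24. */
    if (bfi_decode(0x07c00c12u, &f))
        printf("msb=%u lsb=%u unpredictable=%d\n", f.msb, f.lsb, f.unpredictable);
    return 0;
}
```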