Richard pointed out in another thread that when computing next_page_start we can break checks for the last page in the address space due to integer overflow. This affects several targets; the appended fixes them.
You can fetch the patches from:
  https://github.com/cota/qemu/tree/next_page_overflow

Thanks,

Emilio
---
 target/arm/translate.c        | 11 +++++------
 target/arm/translate.h        |  2 +-
 target/cris/translate.c       |  6 +++---
 target/lm32/translate.c       |  6 +++---
 target/microblaze/translate.c |  6 +++---
 target/mips/translate.c       |  6 +++---
 target/riscv/translate.c      |  6 +++---
 target/s390x/translate.c      |  6 +++---
 target/tilegx/translate.c     |  4 ++--
 target/unicore32/translate.c  |  6 +++---
 target/xtensa/translate.c     |  9 ++++-----
 11 files changed, 33 insertions(+), 35 deletions(-)
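
The overflow described in the cover letter, as an added example that is not code from the patch series or from QEMU: a "next page start" value wraps to 0 for the last page of the address space, so a page-crossing check against it misfires. The 32-bit address width, 4 KiB page size, the function names and the overflow-safe form shown are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for illustration: 32-bit guest addresses, 4 KiB pages. */
#define PAGE_BITS 12
#define PAGE_SIZE ((uint32_t)1 << PAGE_BITS)
#define PAGE_MASK (~(PAGE_SIZE - 1))

/* Wrapping form: next_page_start becomes 0 for the last page, so the
 * comparison reports "crossed" for every pc inside that page. */
static bool crossed_wrapping(uint32_t first_pc, uint32_t pc)
{
    uint32_t next_page_start = (first_pc & PAGE_MASK) + PAGE_SIZE;
    return pc >= next_page_start;
}

/* One overflow-safe form (hypothetical helper): keep the page start and
 * compare the distance from it. Unsigned subtraction is modulo 2^32, so a
 * pc that wrapped to 0 still yields a distance of PAGE_SIZE. */
static bool crossed_safe(uint32_t first_pc, uint32_t pc)
{
    uint32_t page_start = first_pc & PAGE_MASK;
    return pc - page_start >= PAGE_SIZE;
}

int main(void)
{
    /* Constructed sample addresses: {first pc of block, current pc}. */
    const uint32_t cases[][2] = {
        { 0x00401000u, 0x00401ffcu },  /* ordinary page, still inside */
        { 0x00401000u, 0x00402000u },  /* ordinary page, crossed */
        { 0xfffff000u, 0xfffff004u },  /* last page, still inside */
        { 0xfffff000u, 0x00000000u },  /* last page, pc wrapped past end */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        printf("first=%08x pc=%08x wrapping=%d safe=%d\n",
               (unsigned)cases[i][0], (unsigned)cases[i][1],
               crossed_wrapping(cases[i][0], cases[i][1]),
               crossed_safe(cases[i][0], cases[i][1]));
    }
    return 0;
}
```

Only the third case differs between the two forms: the wrapping check reports a page crossing for an address that is still inside the last page.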