[PULL 02/12] target/i386: Verify memory operand for lcall and ljmp

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 02/12] target/i386: Verify memory operand for lcall and ljmp

From:	Paolo Bonzini
Subject:	[PULL 02/12] target/i386: Verify memory operand for lcall and ljmp
Date:	Thu, 1 Apr 2021 13:22:13 +0200

From: Richard Henderson <richard.henderson@linaro.org>

These two opcodes only allow a memory operand.

Lacking the check for a register operand, we used the A0 temp
without initialization, which led to a tcg abort.

Buglink: https://bugs.launchpad.net/qemu/+bug/1921138
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210324164650.128608-1-richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 target/i386/tcg/translate.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index af1faf9342..880bc45561 100644
--- a/target/i386/tcg/translate.c
+++ b/target/i386/tcg/translate.c
@@ -5061,6 +5061,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState 
*cpu)
             gen_jr(s, s->T0);
             break;
         case 3: /* lcall Ev */
+            if (mod == 3) {
+                goto illegal_op;
+            }
             gen_op_ld_v(s, ot, s->T1, s->A0);
             gen_add_A0_im(s, 1 << ot);
             gen_op_ld_v(s, MO_16, s->T0, s->A0);
@@ -5088,6 +5091,9 @@ static target_ulong disas_insn(DisasContext *s, CPUState 
*cpu)
             gen_jr(s, s->T0);
             break;
         case 5: /* ljmp Ev */
+            if (mod == 3) {
+                goto illegal_op;
+            }
             gen_op_ld_v(s, ot, s->T1, s->A0);
             gen_add_A0_im(s, 1 << ot);
             gen_op_ld_v(s, MO_16, s->T0, s->A0);
-- 
2.30.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 00/12] Misc patches for QEMU 6.0-rc2, Paolo Bonzini, 2021/04/01
- [PULL 01/12] meson: Propagate gnutls dependency to migration, Paolo Bonzini, 2021/04/01
- [PULL 07/12] replay: notify CPU on event, Paolo Bonzini, 2021/04/01
- [PULL 04/12] replay: fix recursive checkpoints, Paolo Bonzini, 2021/04/01
- [PULL 09/12] configure: Do not use default_feature for EXESUF, Paolo Bonzini, 2021/04/01
- [PULL 03/12] qapi: qom: do not use target-specific conditionals, Paolo Bonzini, 2021/04/01
- [PULL 06/12] icount: get rid of static variable, Paolo Bonzini, 2021/04/01
- [PULL 10/12] hexagon: do not specify executables as inputs, Paolo Bonzini, 2021/04/01
- [PULL 02/12] target/i386: Verify memory operand for lcall and ljmp, Paolo Bonzini <=
- [PULL 12/12] docs: Add a QEMU Code of Conduct and Conflict Resolution Policy document, Paolo Bonzini, 2021/04/01
- [PULL 11/12] hexagon: do not specify Python scripts as inputs, Paolo Bonzini, 2021/04/01
- [PULL 08/12] target/openrisc: fix icount handling for timer instructions, Paolo Bonzini, 2021/04/01
- [PULL 05/12] Revert "qom: use qemu_printf to print help for user-creatable objects", Paolo Bonzini, 2021/04/01
- Re: [PULL 00/12] Misc patches for QEMU 6.0-rc2, Peter Maydell, 2021/04/01

Prev by Date: [PULL 10/12] hexagon: do not specify executables as inputs
Next by Date: [PULL 12/12] docs: Add a QEMU Code of Conduct and Conflict Resolution Policy document
Previous by thread: [PULL 10/12] hexagon: do not specify executables as inputs
Next by thread: [PULL 12/12] docs: Add a QEMU Code of Conduct and Conflict Resolution Policy document
Index(es):
- Date
- Thread