From 7487c66bee3201acbf2bc5c02b0fc2d965049b38 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 17 Aug 2018 13:48:43 -0400 Subject: [PATCH] target/arm: Fix sign-extension in sve do_ldr/do_str The expression (int) imm + (uint32_t) len_align turns into uint32_t and thus with negative imm produces a memory operation at the wrong offset. None of the numbers involved are particularly large, so change everything to use int. Backports commit 19f2acc915a0f8f443a959844540a6f09133cc96 from qemu --- qemu/target/arm/translate-sve.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/qemu/target/arm/translate-sve.c b/qemu/target/arm/translate-sve.c index 7412d02f..789a49fc 100644 --- a/qemu/target/arm/translate-sve.c +++ b/qemu/target/arm/translate-sve.c @@ -4535,13 +4535,12 @@ static bool trans_UCVTF_dd(DisasContext *s, arg_rpr_esz *a, uint32_t insn) * The load should begin at the address Rn + IMM. */ -static void do_ldr(DisasContext *s, uint32_t vofs, uint32_t len, - int rn, int imm) +static void do_ldr(DisasContext *s, uint32_t vofs, int len, int rn, int imm) { TCGContext *tcg_ctx = s->uc->tcg_ctx; - uint32_t len_align = QEMU_ALIGN_DOWN(len, 8); - uint32_t len_remain = len % 8; - uint32_t nparts = len / 8 + ctpop8(len_remain); + int len_align = QEMU_ALIGN_DOWN(len, 8); + int len_remain = len % 8; + int nparts = len / 8 + ctpop8(len_remain); int midx = get_mem_index(s); TCGv_i64 addr, t0, t1; @@ -4622,12 +4621,11 @@ static void do_ldr(DisasContext *s, uint32_t vofs, uint32_t len, } /* Similarly for stores. */ -static void do_str(DisasContext *s, uint32_t vofs, uint32_t len, - int rn, int imm) +static void do_str(DisasContext *s, uint32_t vofs, int len, int rn, int imm) { - uint32_t len_align = QEMU_ALIGN_DOWN(len, 8); - uint32_t len_remain = len % 8; - uint32_t nparts = len / 8 + ctpop8(len_remain); + int len_align = QEMU_ALIGN_DOWN(len, 8); + int len_remain = len % 8; + int nparts = len / 8 + ctpop8(len_remain); int midx = get_mem_index(s); TCGv_i64 addr, t0;