From be00a3e1006e2c34401593b50008c0cff1a149df Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Mon, 26 Feb 2018 10:04:43 -0500
Subject: [PATCH] target-i386: fix 32-bit addresses in LEA
This was found with test-i386. The issue is that instructions such as addr32 lea (%eax), %rax did not perform a 32-bit extension, because the LEA translation skipped the gen_lea_v_seg step. That step does not just add segments, it also takes care of extending from address size to pointer size.
Backports commit 620abfb004543404bef1953e25da2ad77352941a from qemu
---
 qemu/target-i386/translate.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/qemu/target-i386/translate.c b/qemu/target-i386/translate.c
index e05a50f0..788e6254 100644
--- a/qemu/target-i386/translate.c
+++ b/qemu/target-i386/translate.c
@@ -547,13 +547,12 @@ static void gen_lea_v_seg(DisasContext *s, TCGMemOp aflag, TCGv a0,
 #endif
 case MO_32:
 /* 32 bit address */
+ if (ovr_seg < 0 && s->addseg) {
+ ovr_seg = def_seg;
+ }
 if (ovr_seg < 0) {
- if (s->addseg) {
- ovr_seg = def_seg;
- } else {
- tcg_gen_ext32u_tl(tcg_ctx, cpu_A0, a0);
- return;
- }
+ tcg_gen_ext32u_tl(tcg_ctx, cpu_A0, a0);
+ return;
 }
 break;
 case MO_16:
@@ -6032,7 +6031,8 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s,
 {
 AddressParts a = gen_lea_modrm_0(env, s, modrm);
 TCGv ea = gen_lea_modrm_1(s, a);
- gen_op_mov_reg_v(tcg_ctx, dflag, reg, ea);
+ gen_lea_v_seg(s, s->aflag, ea, -1, -1);
+ gen_op_mov_reg_v(tcg_ctx, dflag, reg, cpu_A0);
 }
 break;
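Review bot: The reordering in the MO_32 case is a functional change that nothing in the hunk documents: with a negative `def_seg` and `s->addseg` set, the removed code assigned `ovr_seg = def_seg` and then went on to `break`, so `tcg_gen_ext32u_tl` was never reached, whereas the new code still takes the ext32u path whenever `ovr_seg` is still negative after the first `if`. The new LEA call site in the second hunk relies on exactly this by passing `-1, -1`. A comment above the first added `if` would keep that contract from being undone by a later "simplification": `/* A negative def_seg (no segment, as LEA passes) must still reach the zero-extension below. */`. gen_lea_v_seg begins outside the hunk, so what happens to cpu_A0 after the `break` when ovr_seg stays negative is not visible here; the MO_16 branch that follows should be checked for the same pattern.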
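Review bot: The `-1, -1` handed to `gen_lea_v_seg` on the new line are bare sentinels, and a reader of disas_insn has no way to tell from the call that they mean "no default segment, no override" rather than an error value, nor that the result is delivered through `cpu_A0` instead of `ea`. Since the whole fix hinges on that side channel, a one-line comment before the call would help: `/* No segment for LEA: only extend ea from address size to pointer size, result lands in cpu_A0. */`. The enclosing opcode case starts before the hunk, so the definition of `reg` and `dflag` used here is not visible.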