mirror of
https://github.com/yuzu-emu/unicorn.git
synced 2025-02-03 13:11:09 +00:00
d45ea1ba3b
The documentation states that if LSB > MSB in BFI instruction behaviour
is unpredictable. Currently QEMU crashes because of assertion failure in
this case:
tcg/tcg-op.h:2061: tcg_gen_deposit_i32: Assertion `len <= 32' failed.
While assertion failure may meet the "unpredictable" definition this
behaviour is undesirable because it allows an unprivileged guest program
to crash the emulator with the OS and other programs.
This patch addresses the issue by throwing illegal instruction exception
if LSB > MSB. Only ARM decoder is affected because Thumb decoder already
has this check in place.
To reproduce issue run the following program
int main(void) {
asm volatile (".long 0x07c00c12" :: );
return 0;
}
compiled with
gcc -marm -static badop_arm.c -o badop_arm
Backports commit 45140a57675ecb4b0daee71bf145c24dbdf9429c from qemu
|
||
|---|---|---|
| .. | ||
| arm_ldst.h | ||
| cpu-qom.h | ||
| cpu.c | ||
| cpu.h | ||
| cpu64.c | ||
| crypto_helper.c | ||
| helper-a64.c | ||
| helper-a64.h | ||
| helper.c | ||
| helper.h | ||
| internals.h | ||
| iwmmxt_helper.c | ||
| kvm-consts.h | ||
| Makefile.objs | ||
| neon_helper.c | ||
| op_addsub.h | ||
| op_helper.c | ||
| psci.c | ||
| translate-a64.c | ||
| translate.c | ||
| translate.h | ||
| unicorn.h | ||
| unicorn_aarch64.c | ||
| unicorn_arm.c | ||