Re: [Qemu-devel] [PATCH] Add more boundary checking to sse3/4 parsing
From: Aurelien Jarno
Subject: Re: [Qemu-devel] [PATCH] Add more boundary checking to sse3/4 parsing
Date: Fri, 2 Jul 2010 01:56:57 +0200
User-agent: Mutt/1.5.20 (2009-06-14)
On Sun, Jun 27, 2010 at 12:06:11AM +0200, Andi Kleen wrote:
> Add more boundary checking to sse3/4 parsing
>
> s?sse3 uses tables with only two entries per op, but it is indexed
> with b1, which can contain variables up to 3. This happens when ssse3
> or sse4 are used with REP* prefixes.
>
> Add boundary checking for this case.
>
> Signed-off-by: Andi Kleen <address@hidden>
Thanks, applied.
> diff --git a/target-i386/translate.c b/target-i386/translate.c
> index 1336d6f..aae0374 100644
> --- a/target-i386/translate.c
> +++ b/target-i386/translate.c
> @@ -3472,6 +3472,8 @@ static void gen_sse(DisasContext *s, int b,
> target_ulong pc_start, int rex_r)
> case 0x171: /* shift xmm, im */
> case 0x172:
> case 0x173:
> + if (b1 >= 2)
> + goto illegal_op;
> val = ldub_code(s->pc++);
> if (is_xmm) {
> gen_op_movl_T0_im(val);
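Review bot: a one-line comment above `if (b1 >= 2)` saying which two-entry table it guards would help here, because the lookup it protects is not in this hunk's context and the commit message names ssse3/sse4 while these are the 0x171-0x173 shift-by-immediate cases. The placement itself is right: the check precedes `val = ldub_code(s->pc++);`, so the immediate byte is never consumed for an encoding that is then rejected.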
> @@ -3699,6 +3701,8 @@ static void gen_sse(DisasContext *s, int b,
> target_ulong pc_start, int rex_r)
> rm = modrm & 7;
> reg = ((modrm >> 3) & 7) | rex_r;
> mod = (modrm >> 6) & 3;
> + if (b1 >= 2)
> + goto illegal_op;
>
> sse_op2 = sse_op_table6[b].op[b1];
> if (!sse_op2)
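Review bot: the check sits after `rm`, `reg` and `mod` are decoded from modrm even though none of them is used on the illegal_op path; moving it above `rm = modrm & 7;` keeps the bounds check next to the point where b1 is known and ahead of work that is discarded. A short comment is also worth adding: the `if (!sse_op2)` test directly below cannot replace it, since a b1 of 2 or 3 indexes past the two-entry op[] array rather than yielding a NULL, and a later cleanup could otherwise fold the two checks together. Spelling the bound as ARRAY_SIZE(sse_op_table6[b].op) instead of the literal 2 would tie the check to the table's declaration.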
> @@ -3798,6 +3802,8 @@ static void gen_sse(DisasContext *s, int b,
> target_ulong pc_start, int rex_r)
> rm = modrm & 7;
> reg = ((modrm >> 3) & 7) | rex_r;
> mod = (modrm >> 6) & 3;
> + if (b1 >= 2)
> + goto illegal_op;
>
> sse_op2 = sse_op_table7[b].op[b1];
> if (!sse_op2)
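Review bot: this is a byte-for-byte copy of the sse_op_table6 check, again placed after the modrm fields are decoded; keeping the literal 2 in three places means a future change to the op[] width has to find all of them, so a single macro wrapping the test and the `goto illegal_op` (a hypothetical CHECK_SSE_B1_2ENTRY(), say) would be cleaner than repeating it. Hoisting the test to where b1 is derived from the prefix is not a substitute: the commit message says only the s?sse3 tables have two entries per op, so the check belongs at those lookups, not at a point shared with opcodes that accept the REP* forms.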
>
>
--
Aurelien Jarno GPG: 1024D/F1BCDB73
address@hidden http://www.aurel32.net
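The bug the commit message describes, as an added illustration that is not QEMU's code: a per-opcode table with two helper entries is indexed by a prefix-derived b1, and a REP*-prefixed encoding yields b1 = 2 or 3, so the unchecked lookup lands in the next opcode's entry (or past the table) and the guest picks a helper it was never meant to reach. The table contents, the stand-in helpers and the prefix-to-b1 mapping are assumptions made for this example; the checked lookup mirrors the `b1 >= 2` test the patch adds.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Model of a two-entries-per-opcode helper table, shaped like the
 * sse_op_table6/7 lookups in the patch.  Constructed for this example. */
typedef void (*sse_helper_t)(void);

struct sse_op2_entry {
    sse_helper_t op[2];   /* op[0]: no prefix (MMX form), op[1]: 0x66 prefix (XMM form) */
};

/* Stand-in helpers so the table has distinct, recognisable targets. */
static void h_opA_mmx(void) {}
static void h_opA_xmm(void) {}
static void h_opB_mmx(void) {}
static void h_opB_xmm(void) {}

#define N_OPS 2
static const struct sse_op2_entry table_model[N_OPS] = {
    { { h_opA_mmx, h_opA_xmm } },   /* opcode index 0 */
    { { h_opB_mmx, h_opB_xmm } },   /* opcode index 1 */
};

/* Assumed prefix-to-b1 mapping (an assumption of this example, not a
 * statement about translate.c): none -> 0, 0x66 -> 1,
 * 0xF3 (REPZ) -> 2, 0xF2 (REPNZ) -> 3. */
enum { PREFIX_DATA = 1, PREFIX_REPZ = 2, PREFIX_REPNZ = 4 };

static int prefix_to_b1(unsigned prefix)
{
    if (prefix & PREFIX_DATA)  return 1;
    if (prefix & PREFIX_REPZ)  return 2;
    if (prefix & PREFIX_REPNZ) return 3;
    return 0;
}

/* What an unchecked table_model[b].op[b1] resolves to.  The entries are
 * contiguous, so b1 = 2 or 3 reads the NEXT opcode's op[0]/op[1], and for
 * the last opcode it reads past the table.  The bytes are copied into a
 * flat array first so this demonstration stays within defined behaviour;
 * NULL here means "past the end of the table". */
static sse_helper_t lookup_unchecked_model(unsigned b, int b1)
{
    sse_helper_t flat[N_OPS * 2];
    size_t idx;

    memcpy(flat, table_model, sizeof flat);   /* same bytes, viewed linearly */
    idx = (size_t)b * 2 + (size_t)b1;
    return idx < N_OPS * 2 ? flat[idx] : NULL;
}

/* The lookup with the check the patch adds: b1 >= 2 is an illegal op. */
static sse_helper_t lookup_checked(unsigned b, int b1)
{
    if (b >= N_OPS || b1 < 0 || b1 >= 2) {
        return NULL;                        /* goto illegal_op */
    }
    return table_model[b].op[b1];
}

int main(void)
{
    int b1 = prefix_to_b1(PREFIX_REPZ);     /* REPZ-prefixed opcode 0 */

    printf("b1 from REPZ prefix: %d\n", b1);
    printf("unchecked lookup hits opcode 1's MMX helper: %s\n",
           lookup_unchecked_model(0, b1) == h_opB_mmx ? "yes" : "no");
    printf("checked lookup rejects it: %s\n",
           lookup_checked(0, b1) == NULL ? "yes" : "no");
    printf("unchecked lookup on the last opcode runs off the table: %s\n",
           lookup_unchecked_model(1, b1) == NULL ? "yes" : "no");
    return 0;
}
```

The flat-copy trick is only there to show the aliasing without dereferencing out of bounds; in the real decoder there is no such safety net, which is why the check has to precede the `op[b1]` read rather than test its result.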