Re: [Qemu-devel] [PATCH] tcg: fix segfault when MO_UNALN is set
From: Yongbok Kim
Subject: Re: [Qemu-devel] [PATCH] tcg: fix segfault when MO_UNALN is set
Date: Tue, 26 May 2015 16:57:12 +0100
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
On 26/05/2015 16:49, Richard Henderson wrote:
> On 05/26/2015 05:46 AM, Yongbok Kim wrote:
>> MO_UNALN caused segfaults when it was set: it reached beyond the bounds of
>> the load/store function pointer arrays in tcg_out_qemu_{ld,st}_slow_path()
>> or their equivalents.
>
> I'd like to know more about this crash please. Where does it happen?
>
>
> r~
>
tcg/i386/tcg-target.c
> static void * const qemu_st_helpers[16] = {
>     [MO_UB]   = helper_ret_stb_mmu,
>     [MO_LEUW] = helper_le_stw_mmu,
>     [MO_LEUL] = helper_le_stl_mmu,
>     [MO_LEQ]  = helper_le_stq_mmu,
>     [MO_BEUW] = helper_be_stw_mmu,
>     [MO_BEUL] = helper_be_stl_mmu,
>     [MO_BEQ]  = helper_be_stq_mmu,
> };
...
> static void tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l)
> {
>     TCGMemOp opc = get_memop(oi);
>     /* "Tail call" to the helper, with the return address back inline. */
>     tcg_out_push(s, retaddr);
>     tcg_out_jmp(s, qemu_st_helpers[opc]);
Here is the crashing point...
Regards,
Yongbok
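The failure Yongbok points at is worth seeing in isolation: `qemu_st_helpers` has 16 slots, but `opc` is the full memop, so any bit above the byte-swap and size fields (the alignment flag here) produces an index of 16 or more, and `tcg_out_jmp` then emits a jump to whatever pointer-sized value happens to follow the table in memory. The stand-alone C program below is an added example, not code from QEMU or from anyone in this thread. The TCGMemOp bit layout it declares (size in bits 0 and 1, sign in bit 2, byte swap in bit 3, alignment flag in bit 4, little-endian host so `MO_BE == MO_BSWAP`) and the masking fix `opc & (MO_BSWAP | MO_SIZE)` are my assumptions about the natural repair, not something the page states; the helper functions are stand-ins that only report their access width.

```c
/* Added example, not QEMU's code: a stand-in for the i386 backend's
 * qemu_st_helpers[16] table, showing how a memop with the alignment
 * bit set indexes past the end of the table, and how masking the index
 * keeps it in range. The bit layout is an assumption about TCGMemOp on
 * a little-endian host; the mask is a suggested fix, not from the thread. */
#include <stddef.h>
#include <stdio.h>

enum {
    MO_8 = 0, MO_16 = 1, MO_32 = 2, MO_64 = 3,
    MO_SIZE  = 3,          /* mask for the size field            */
    MO_SIGN  = 4,          /* sign-extend (loads only)           */
    MO_BSWAP = 8,          /* host byte order reversed           */
    MO_AMASK = 16,         /* alignment flag (MO_ALIGN/MO_UNALN) */
    MO_LE = 0, MO_BE = MO_BSWAP,   /* assumes a little-endian host */
    MO_UB = MO_8,
    MO_LEUW = MO_LE | MO_16, MO_LEUL = MO_LE | MO_32, MO_LEQ = MO_LE | MO_64,
    MO_BEUW = MO_BE | MO_16, MO_BEUL = MO_BE | MO_32, MO_BEQ = MO_BE | MO_64
};

#define ST_HELPER_COUNT 16

/* Stand-ins for helper_*_st*_mmu; each just reports its access width. */
typedef int (*st_helper_fn)(void);
static int stb(void) { return 1; }
static int stw(void) { return 2; }
static int stl(void) { return 4; }
static int stq(void) { return 8; }

static st_helper_fn const qemu_st_helpers[ST_HELPER_COUNT] = {
    [MO_UB]   = stb,
    [MO_LEUW] = stw, [MO_LEUL] = stl, [MO_LEQ] = stq,
    [MO_BEUW] = stw, [MO_BEUL] = stl, [MO_BEQ] = stq,
};

/* The quoted code indexes qemu_st_helpers[opc] directly. Any bit outside
 * MO_BSWAP|MO_SIZE (the alignment flag, or MO_SIGN on the store side)
 * lands outside the 16 entries or on an empty slot. This check reports
 * that instead of performing the out-of-bounds read. */
int st_index_is_safe(unsigned opc)
{
    return opc < ST_HELPER_COUNT && qemu_st_helpers[opc] != NULL;
}

/* Suggested fix (assumption): keep only the byte-swap and size bits, so
 * alignment and sign flags can never widen the index. */
unsigned st_helper_index(unsigned opc)
{
    return opc & (MO_BSWAP | MO_SIZE);
}

st_helper_fn lookup_st_helper(unsigned opc)
{
    return qemu_st_helpers[st_helper_index(opc)];
}

int main(void)
{
    /* MO_UNALN set on a target where it is the MO_AMASK bit, plus a
     * big-endian 32-bit store: raw index 26, well past the 16 slots. */
    unsigned opc = MO_AMASK | MO_BEUL;

    printf("raw index %u: %s\n", opc,
           st_index_is_safe(opc) ? "in table" : "out of bounds");
    printf("masked index %u -> helper reports width %d\n",
           st_helper_index(opc), lookup_st_helper(opc)());
    return 0;
}
```

The same masking applies to the load-side table: the sign bit selects a distinct helper there, so the load mask would have to keep MO_SIGN as well, which is why a single shared mask is not enough for both paths.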