Re: [PATCH 1/4] target/i386: decode-new: avoid out-of-bounds access to x

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/4] target/i386: decode-new: avoid out-of-bounds access to x

From:	Philippe Mathieu-Daudé
Subject:	Re: [PATCH 1/4] target/i386: decode-new: avoid out-of-bounds access to xmm_regs[-1]
Date:	Wed, 19 Oct 2022 21:47:36 +0200
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.3.2

On 19/10/22 17:06, Paolo Bonzini wrote:

If the destination is a memory register, op->n is -1.  Going through
tcg_gen_gvec_dup_imm path is both useless (the value has been stored
by the gen_* function already) and wrong because of the out-of-bounds
access.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
  target/i386/tcg/emit.c.inc | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/i386/tcg/emit.c.inc b/target/i386/tcg/emit.c.inc
index 27eca591a9..ebf299451d 100644
--- a/target/i386/tcg/emit.c.inc
+++ b/target/i386/tcg/emit.c.inc
@@ -296,7 +296,7 @@ static void gen_writeback(DisasContext *s, X86DecodedInsn 
*decode, int opn, TCGv
      case X86_OP_MMX:
          break;
      case X86_OP_SSE:
-        if ((s->prefix & PREFIX_VEX) && op->ot == MO_128) {
+        if (!op->has_ea && (s->prefix & PREFIX_VEX) && op->ot == MO_128) {
              tcg_gen_gvec_dup_imm(MO_64,
                                   offsetof(CPUX86State, 
xmm_regs[op->n].ZMM_X(1)),
                                   16, 16, 0);

Fixes: 20581aadec ("target/i386: validate VEX prefixes via theinstructions' exception classes")


Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/4] target/i386: support x86_64-v3 for user mode applications, Paolo Bonzini, 2022/10/19
- [PATCH 2/4] target/i386: introduce function to set rounding mode from FPCW or MXCSR bits, Paolo Bonzini, 2022/10/19
  - Re: [PATCH 2/4] target/i386: introduce function to set rounding mode from FPCW or MXCSR bits, Philippe Mathieu-Daudé, 2022/10/19
  - Re: [PATCH 2/4] target/i386: introduce function to set rounding mode from FPCW or MXCSR bits, Richard Henderson, 2022/10/20
- [PATCH 1/4] target/i386: decode-new: avoid out-of-bounds access to xmm_regs[-1], Paolo Bonzini, 2022/10/19
  - Re: [PATCH 1/4] target/i386: decode-new: avoid out-of-bounds access to xmm_regs[-1], Philippe Mathieu-Daudé <=
  - Re: [PATCH 1/4] target/i386: decode-new: avoid out-of-bounds access to xmm_regs[-1], Richard Henderson, 2022/10/20
- [PATCH 4/4] target/i386: implement FMA instructions, Paolo Bonzini, 2022/10/19
  - Re: [PATCH 4/4] target/i386: implement FMA instructions, Richard Henderson, 2022/10/20
    - Re: [PATCH 4/4] target/i386: implement FMA instructions, Paolo Bonzini, 2022/10/20
- [PATCH 3/4] target/i386: implement F16C instructions, Paolo Bonzini, 2022/10/19
  - Re: [PATCH 3/4] target/i386: implement F16C instructions, Richard Henderson, 2022/10/20

Prev by Date: Re: [PATCH] hw/acpi/erst.c: Fix memset argument order
Next by Date: Re: [RFC PATCH] target/s390x: fake instruction loading when handling 'ex'
Previous by thread: [PATCH 1/4] target/i386: decode-new: avoid out-of-bounds access to xmm_regs[-1]
Next by thread: Re: [PATCH 1/4] target/i386: decode-new: avoid out-of-bounds access to xmm_regs[-1]
Index(es):
- Date
- Thread