From patchwork Fri Mar 3 15:50:28 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 94850
Delivered-To: patches@linaro.org
Received: by 10.182.3.34 with SMTP id 2csp274248obz; Fri, 3 Mar 2017 07:50:38 -0800 (PST)
X-Received: by 10.46.5.2 with SMTP id 2mr1350503ljf.34.1488556238124; Fri, 03 Mar 2017 07:50:38 -0800 (PST)
Return-Path:
Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id b77si6182104lfh.322.2017.03.03.07.50.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Mar 2017 07:50:38 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1cjpTW-0006DE-SK; Fri, 03 Mar 2017 15:50:34 +0000
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, "Edgar E. Iglesias" , Richard Henderson , Paolo Bonzini , Eduardo Habkost , Laurent Vivier
Subject: [PATCH for-2.9 1/6] disas/hppa: Remove dead code
Date: Fri, 3 Mar 2017 15:50:28 +0000
Message-Id: <1488556233-31246-2-git-send-email-peter.maydell@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org>
References: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org>

Coverity complains (CID 1302705) that the "fr0" part of the ?: in fput_fp_reg_r() is dead. This looks like a cut-n-paste error from fput_fp_reg(); delete the dead code.
Signed-off-by: Peter Maydell --- disas/hppa.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -- 2.7.4 Reviewed-by: Philippe Mathieu-Daudé diff --git a/disas/hppa.c b/disas/hppa.c index 43facdc..a2d371f 100644 --- a/disas/hppa.c +++ b/disas/hppa.c @@ -1788,8 +1788,7 @@ fput_fp_reg_r (unsigned reg, disassemble_info *info) if (reg < 4) (*info->fprintf_func) (info->stream, "fpe%d", reg * 2 + 1); else - (*info->fprintf_func) (info->stream, "%sR", - reg ? fp_reg_names[reg] : "fr0"); + (*info->fprintf_func) (info->stream, "%sR", fp_reg_names[reg]); } static void From patchwork Fri Mar 3 15:50:29 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 94849 Delivered-To: patches@linaro.org Received: by 10.182.3.34 with SMTP id 2csp274245obz; Fri, 3 Mar 2017 07:50:37 -0800 (PST) X-Received: by 10.28.104.6 with SMTP id d6mr3585794wmc.79.1488556237807; Fri, 03 Mar 2017 07:50:37 -0800 (PST) Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id l200si3390980wmd.149.2017.03.03.07.50.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Mar 2017 07:50:37 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1cjpTX-0006DP-Bd; Fri, 03 Mar 2017 15:50:35 +0000 
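Review bot: the dropped `reg ? fp_reg_names[reg] : "fr0"` fallback is indeed unreachable in fput_fp_reg_r(): the `else` is only taken when the preceding `if (reg < 4)` fails, so `reg` is at least 4 and can never be zero there, and the simplified `fp_reg_names[reg]` is equivalent. Worth a one-line comment on the `else` branch (something like `/* reg >= 4 here, so no fr0 special case */`) so that the next person copying from fput_fp_reg(), where the zero check presumably matters, does not reintroduce the dead ternary and the same Coverity finding.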
From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org, "Edgar E. Iglesias" , Richard Henderson , Paolo Bonzini , Eduardo Habkost , Laurent Vivier Subject: [PATCH for-2.9 2/6] disas/i386: Avoid NULL pointer dereference in error case Date: Fri, 3 Mar 2017 15:50:29 +0000 Message-Id: <1488556233-31246-3-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> References: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> In a code path where we hit an internal disassembler error, execution would subsequently attempt to dereference a NULL pointer. This should never happen, but avoid the crash. Signed-off-by: Peter Maydell --- disas/i386.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.7.4 diff --git a/disas/i386.c b/disas/i386.c index 07f871f..f1e376c 100644 --- a/disas/i386.c +++ b/disas/i386.c 
@@ -4043,7 +4043,7 @@ print_insn (bfd_vma pc, disassemble_info *info) } } - if (putop (dp->name, sizeflag) == 0) + if (dp->name != NULL && putop (dp->name, sizeflag) == 0) { for (i = 0; i < MAX_OPERANDS; ++i) { From patchwork Fri Mar 3 15:50:30 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 94851 Delivered-To: patches@linaro.org Received: by 10.182.3.34 with SMTP id 2csp274249obz; Fri, 3 Mar 2017 07:50:38 -0800 (PST) X-Received: by 10.46.22.14 with SMTP id w14mr1359159ljd.18.1488556238229; Fri, 03 Mar 2017 07:50:38 -0800 (PST) Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id i7si6171279ljb.273.2017.03.03.07.50.37 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Mar 2017 07:50:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1cjpTX-0006Da-Qc; Fri, 03 Mar 2017 15:50:35 +0000 
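Review bot: the `dp->name != NULL &&` guard stops the NULL dereference inside `putop()`, but it also means the whole block, including the operand loop `for (i = 0; i < MAX_OPERANDS; ++i)`, is now skipped silently when `name` is NULL. Since the commit message describes this as an internal disassembler error that should never happen, a silent skip makes the condition hard to notice in output; either emit a visible marker through `info->fprintf_func` (the `info` argument is in scope per the hunk header) or at least put a comment on the `if` stating that a NULL name is an internal error and the operands are deliberately not printed, so a reader does not mistake the empty output for a valid operand-less instruction.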
From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org, "Edgar E. Iglesias" , Richard Henderson , Paolo Bonzini , Eduardo Habkost , Laurent Vivier Subject: [PATCH for-2.9 3/6] disas/m68k: Avoid unintended sign extension in get_field() Date: Fri, 3 Mar 2017 15:50:30 +0000 Message-Id: <1488556233-31246-4-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> References: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> In get_field(), we take an 'unsigned char' value and shift it left, which implicitly promotes it to 'signed int', before ORing it into an 'unsigned long' type. If 'unsigned long' is 64 bits then this will result in a sign extension and the top 32 bits of the result will be 1s. Add explicit casts to unsigned long before shifting to prevent this. (Spotted by Coverity, CID 715697.) Signed-off-by: Peter Maydell --- disas/m68k.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -- 2.7.4 Reviewed-by: Laurent Vivier diff --git a/disas/m68k.c b/disas/m68k.c index 073abb9..61b689e 100644 --- a/disas/m68k.c +++ b/disas/m68k.c 
@@ -4685,10 +4685,11 @@ get_field (const unsigned char *data, enum floatformat_byteorders order, /* This is the last byte; zero out the bits which are not part of this field. */ result |= - (*(data + cur_byte) & ((1 << (len - cur_bitshift)) - 1)) + (unsigned long)(*(data + cur_byte) + & ((1 << (len - cur_bitshift)) - 1)) << cur_bitshift; else - result |= *(data + cur_byte) << cur_bitshift; + result |= (unsigned long)*(data + cur_byte) << cur_bitshift; cur_bitshift += FLOATFORMAT_CHAR_BIT; if (order == floatformat_little) ++cur_byte; From patchwork Fri Mar 3 15:50:31 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 94855 Delivered-To: patches@linaro.org Received: by 10.182.3.34 with SMTP id 2csp274278obz; Fri, 3 Mar 2017 07:50:41 -0800 (PST) X-Received: by 10.98.201.77 with SMTP id k74mr4374395pfg.74.1488556241310; Fri, 03 Mar 2017 07:50:41 -0800 (PST) Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id c10si10959800pfj.210.2017.03.03.07.50.40 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Mar 2017 07:50:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1cjpTY-0006Dl-E9; Fri, 03 Mar 2017 15:50:36 +0000 
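Review bot: the casts are placed so that the `<< cur_bitshift` is applied to an `unsigned long` operand in both arms, which is exactly what removes the sign extension, and the parenthesisation keeps the `&` mask applied before the shift as in the old line. One thing to record in a comment: the mask `((1 << (len - cur_bitshift)) - 1)` is still `int` arithmetic, which is only safe because this branch handles the last byte of the field and `len - cur_bitshift` should therefore be at most `FLOATFORMAT_CHAR_BIT` (the increment visible two lines below); stating that bound next to the mask would make the remaining `int` expression obviously fine to the next Coverity run and to readers.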
From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org, "Edgar E. Iglesias" , Richard Henderson , Paolo Bonzini , Eduardo Habkost , Laurent Vivier Subject: [PATCH for-2.9 4/6] disas/microblaze: Avoid unintended sign extension Date: Fri, 3 Mar 2017 15:50:31 +0000 Message-Id: <1488556233-31246-5-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> References: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> In read_insn_microblaze() we assemble 4 bytes into an 'unsigned long'. If 'unsigned long' is 64 bits and the high byte has its top bit set, then C's implicit conversion from 'unsigned char' to 'int' for the shift will result in an unintended sign extension which sets the top 32 bits in 'inst'. Add casts to prevent this. (Spotted by Coverity, CID 1005401.) Signed-off-by: Peter Maydell --- disas/microblaze.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) -- 2.7.4 Reviewed-by: Edgar E. Iglesias diff --git a/disas/microblaze.c b/disas/microblaze.c index 91b30ac..407c0a3 100644 --- a/disas/microblaze.c +++ b/disas/microblaze.c 
@@ -748,9 +748,11 @@ read_insn_microblaze (bfd_vma memaddr, } if (info->endian == BFD_ENDIAN_BIG) - inst = (ibytes[0] << 24) | (ibytes[1] << 16) | (ibytes[2] << 8) | ibytes[3]; + inst = ((unsigned)ibytes[0] << 24) | (ibytes[1] << 16) + | (ibytes[2] << 8) | ibytes[3]; else if (info->endian == BFD_ENDIAN_LITTLE) - inst = (ibytes[3] << 24) | (ibytes[2] << 16) | (ibytes[1] << 8) | ibytes[0]; + inst = ((unsigned)ibytes[3] << 24) | (ibytes[2] << 16) + | (ibytes[1] << 8) | ibytes[0]; else abort (); From patchwork Fri Mar 3 15:50:32 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 94853 Delivered-To: patches@linaro.org Received: by 10.182.3.34 with SMTP id 2csp274257obz; Fri, 3 Mar 2017 07:50:39 -0800 (PST) X-Received: by 10.99.105.66 with SMTP id e63mr4258628pgc.104.1488556239503; Fri, 03 Mar 2017 07:50:39 -0800 (PST) Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id z17si10980517pgf.39.2017.03.03.07.50.38 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Mar 2017 07:50:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1cjpTY-0006Dw-TL; Fri, 03 Mar 2017 15:50:36 +0000 
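Review bot: only the byte landing in bits 24..31 gets the `(unsigned)` cast, which is sufficient because `ibytes[1] << 16` and `ibytes[2] << 8` cannot reach the sign bit of an `int`, but the asymmetry leaves the reader to work out which term was the dangerous one. Casting every byte uniformly (`(unsigned)ibytes[n] << shift`) or accumulating into a `uint32_t` first, as patch 5/6 of this series does for cris, states the intent directly; `inst` is an `unsigned long`, so the unsigned 32-bit result is zero-extended on 64-bit hosts either way.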
From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org, "Edgar E. Iglesias" , Richard Henderson , Paolo Bonzini , Eduardo Habkost , Laurent Vivier Subject: [PATCH for-2.9 5/6] disas/cris: Avoid unintended sign extension Date: Fri, 3 Mar 2017 15:50:32 +0000 Message-Id: <1488556233-31246-6-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> References: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> In the cris disassembler we were using 'unsigned long' to calculate addresses which are supposed to be 32 bits. This meant that we might accidentally sign extend or calculate a value that was outside the 32 bit range of the guest CPU. Use 'uint32_t' instead so we give the right answers on 64-bit hosts. (Spotted by Coverity, CID 1005402, 1005403.) Signed-off-by: Peter Maydell --- disas/cris.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.7.4 Reviewed-by: Edgar E. Iglesias Reviewed-by: Philippe Mathieu-Daudé diff --git a/disas/cris.c b/disas/cris.c index 8a1daf9..30217f1 100644 --- a/disas/cris.c +++ b/disas/cris.c @@ -2009,7 +2009,7 @@ print_with_operands (const struct cris_opcode *opcodep, case 'n': { /* Like N but pc-relative to the start of the insn. */ - unsigned long number + uint32_t number = (buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 0x1000000 + addr); 
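Review bot: declaring `number` as `uint32_t` narrows the stored result, but the right-hand side is still evaluated in `int` before the conversion: if `buffer` holds `unsigned char`, then `buffer[5] * 0x1000000` is an `int` multiplication that overflows (undefined behaviour) for any `buffer[5] >= 0x80`, since 0x80 * 0x1000000 exceeds INT_MAX. Suggest forming the terms in the destination type, e.g. `((uint32_t)buffer[5] << 24)` or `(uint32_t)buffer[5] * 0x1000000`, so that the wrap-around to a 32-bit guest address that this hunk relies on is well-defined rather than merely the usual compiler behaviour.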
@@ -2201,7 +2201,7 @@ print_with_operands (const struct cris_opcode *opcodep, { /* It's [pc+]. This cannot possibly be anything but an address. */ - unsigned long number + uint32_t number = prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 0x1000000; From patchwork Fri Mar 3 15:50:33 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 94852 Delivered-To: patches@linaro.org Received: by 10.182.3.34 with SMTP id 2csp274254obz; Fri, 3 Mar 2017 07:50:38 -0800 (PST) X-Received: by 10.223.163.81 with SMTP id d17mr3269279wrb.93.1488556238720; Fri, 03 Mar 2017 07:50:38 -0800 (PST) Return-Path: Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by mx.google.com with ESMTPS id g32si15317463wra.216.2017.03.03.07.50.38 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 03 Mar 2017 07:50:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) client-ip=2001:8b0:1d0::2; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of pm215@archaic.org.uk designates 2001:8b0:1d0::2 as permitted sender) smtp.mailfrom=pm215@archaic.org.uk; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from pm215 by orth.archaic.org.uk with local (Exim 4.84_2) (envelope-from ) id 1cjpTa-0006ER-68; Fri, 03 Mar 2017 15:50:38 +0000 
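Review bot: `prefix_buffer[5] * 0x1000000` is computed as `int` before the assignment to the new `uint32_t number`, so with `prefix_buffer` holding `unsigned char` a top byte of 0x80 or above overflows signed `int` (undefined behaviour) and the `uint32_t` type only fixes the width of the stored value, not the arithmetic producing it. Casting `prefix_buffer[5]` to `uint32_t` before the multiply, or building the address with shifts on a `uint32_t` accumulator, would make this hunk correct on its own; the comment "This cannot possibly be anything but an address" is a good place to add that the computation is intentionally 32-bit modular.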
From: Peter Maydell To: qemu-devel@nongnu.org Cc: patches@linaro.org, "Edgar E. Iglesias" , Richard Henderson , Paolo Bonzini , Eduardo Habkost , Laurent Vivier Subject: [PATCH for-2.9 6/6] disas/arm: Avoid unintended sign extension Date: Fri, 3 Mar 2017 15:50:33 +0000 Message-Id: <1488556233-31246-7-git-send-email-peter.maydell@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> References: <1488556233-31246-1-git-send-email-peter.maydell@linaro.org> When assembling 'given' from the instruction bytes, C's integer promotion rules mean we may promote an unsigned char to a signed integer before shifting it, and then sign extend to a 64-bit long, which can set the high bits of the long. The code doesn't in fact care about the high bits if the long is 64 bits, but this is surprising, so don't do it. (Spotted by Coverity, CID 1005404.) Signed-off-by: Peter Maydell --- Arguably 'given' should be uint32_t here rather than 'long', but a small change to placate Coverity seemed wiser than a wholesale change of the type of the 'given' variables/arguments through the whole file, since this is 3rd-party code that's known to work. --- disas/arm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.7.4 diff --git a/disas/arm.c b/disas/arm.c index 93c6503..27396dd 100644 --- a/disas/arm.c +++ b/disas/arm.c @@ -3901,9 +3901,9 @@ print_insn_arm (bfd_vma pc, struct disassemble_info *info) status = info->read_memory_func (pc, (bfd_byte *)b, 4, info); if (little) - given = (b[0]) | (b[1] << 8) | (b[2] << 16) | (b[3] << 24); + given = (b[0]) | (b[1] << 8) | (b[2] << 16) | ((unsigned)b[3] << 24); else - given = (b[3]) | (b[2] << 8) | (b[1] << 16) | (b[0] << 24); + given = (b[3]) | (b[2] << 8) | (b[1] << 16) | ((unsigned)b[0] << 24); } else {
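Review bot: `((unsigned)b[3] << 24)` removes the shift into the sign bit of `int` that the old line performed whenever the top byte was 0x80 or more, and the `|` with the remaining `int` terms produces an `unsigned int` that is zero-extended into a 64-bit `long given`, so the Coverity finding is addressed. Two caveats worth leaving in the source rather than only in this mail: on a 32-bit `long`, converting an `unsigned int` above LONG_MAX to `long` is implementation-defined (GCC and Clang define it as modular wrap, but the standard does not), and the cast on only one of the four terms leaves the reader to reason about which byte reaches bit 31. Since the cover note already identifies `uint32_t` for `given` as the proper fix and explains why it is deferred, a `/* FIXME: given should be uint32_t, see commit message */` at these two assignments would preserve that intent for whoever next touches this third-party file.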