[Stable-8.0.3 43/54] target/tricore: Fix out-of-bounds index in imask in

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Stable-8.0.3 43/54] target/tricore: Fix out-of-bounds index in imask in

From:	Michael Tokarev
Subject:	[Stable-8.0.3 43/54] target/tricore: Fix out-of-bounds index in imask instruction
Date:	Mon, 26 Jun 2023 21:49:50 +0300

From: Siqi Chen <coc.cyqh@gmail.com>

When translating  "imask" instruction of Tricore architecture, QEMU did not 
check whether the register index was out of bounds, resulting in a 
global-buffer-overflow.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1698
Reported-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612065633.149152-1-coc.cyqh@gmail.com>
Message-Id: <20230612113245.56667-2-kbastian@mail.uni-paderborn.de>
(cherry picked from commit d34b092cab606a47a0d76edde45aab7100bb2435)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 2646cb3eb5..1921b7bfb5 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -5327,6 +5327,7 @@ static void decode_rcrw_insert(DisasContext *ctx)
 
     switch (op2) {
     case OPC2_32_RCRW_IMASK:
+        CHECK_REG_PAIR(r4);
         tcg_gen_andi_tl(temp, cpu_gpr_d[r3], 0x1f);
         tcg_gen_movi_tl(temp2, (1 << width) - 1);
         tcg_gen_shl_tl(cpu_gpr_d[r4 + 1], temp2, temp);
-- 
2.39.2

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/6] migration: Test the new "file:" migration, Fabiano Rosas, 2023/06/26
- [PATCH 2/6] tests/qtest: migration: Expose migrate_set_capability, Fabiano Rosas, 2023/06/26
- [PATCH 1/6] migration: Set migration status early in incoming side, Fabiano Rosas, 2023/06/26
- [PATCH 3/6] tests/qtest: migration: Add migrate_incoming_qmp helper, Fabiano Rosas, 2023/06/26
- [PATCH 4/6] tests/qtest: migration: Use migrate_incoming_qmp where appropriate, Fabiano Rosas, 2023/06/26
- [PATCH 5/6] tests/qtest: migration: Add support for negative testing of qmp_migrate, Fabiano Rosas, 2023/06/26
- [PATCH 6/6] tests/qtest: migration-test: Add tests for file-based migration, Fabiano Rosas, 2023/06/26

Prev by Date: [Stable-8.0.3 49/54] target/hppa: New SeaBIOS-hppa version 7
Next by Date: [Stable-8.0.3 42/54] hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop
Previous by thread: which CPUs should call aarch64_add_{sve,pauth,sme}_properties() ?
Next by thread: [PATCH 2/6] tests/qtest: migration: Expose migrate_set_capability
Index(es):
- Date
- Thread