Skip to content

Commit 94248cf

Browse files
Catherine A. Frederickrth7680
Catherine A. Frederick
authored and
rth7680
committed
tcg/ppc: Sanitize immediate shifts
Sanitize shift constants so that shift operations with large constants don't generate invalid instructions. Signed-off-by: Catherine A. Frederick <[email protected]> Message-Id: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
1 parent eb6490f commit 94248cf

File tree

1 file changed

+10
-5
lines changed

1 file changed

+10
-5
lines changed

tcg/ppc/tcg-target.inc.c

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2610,21 +2610,24 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
26102610

26112611
case INDEX_op_shl_i32:
26122612
if (const_args[2]) {
2613-
tcg_out_shli32(s, args[0], args[1], args[2]);
2613+
/* Limit immediate shift count lest we create an illegal insn. */
2614+
tcg_out_shli32(s, args[0], args[1], args[2] & 31);
26142615
} else {
26152616
tcg_out32(s, SLW | SAB(args[1], args[0], args[2]));
26162617
}
26172618
break;
26182619
case INDEX_op_shr_i32:
26192620
if (const_args[2]) {
2620-
tcg_out_shri32(s, args[0], args[1], args[2]);
2621+
/* Limit immediate shift count lest we create an illegal insn. */
2622+
tcg_out_shri32(s, args[0], args[1], args[2] & 31);
26212623
} else {
26222624
tcg_out32(s, SRW | SAB(args[1], args[0], args[2]));
26232625
}
26242626
break;
26252627
case INDEX_op_sar_i32:
26262628
if (const_args[2]) {
2627-
tcg_out32(s, SRAWI | RS(args[1]) | RA(args[0]) | SH(args[2]));
2629+
/* Limit immediate shift count lest we create an illegal insn. */
2630+
tcg_out32(s, SRAWI | RS(args[1]) | RA(args[0]) | SH(args[2] & 31));
26282631
} else {
26292632
tcg_out32(s, SRAW | SAB(args[1], args[0], args[2]));
26302633
}
@@ -2696,14 +2699,16 @@ static void tcg_out_op(TCGContext *s, TCGOpcode opc, const TCGArg *args,
26962699

26972700
case INDEX_op_shl_i64:
26982701
if (const_args[2]) {
2699-
tcg_out_shli64(s, args[0], args[1], args[2]);
2702+
/* Limit immediate shift count lest we create an illegal insn. */
2703+
tcg_out_shli64(s, args[0], args[1], args[2] & 63);
27002704
} else {
27012705
tcg_out32(s, SLD | SAB(args[1], args[0], args[2]));
27022706
}
27032707
break;
27042708
case INDEX_op_shr_i64:
27052709
if (const_args[2]) {
2706-
tcg_out_shri64(s, args[0], args[1], args[2]);
2710+
/* Limit immediate shift count lest we create an illegal insn. */
2711+
tcg_out_shri64(s, args[0], args[1], args[2] & 63);
27072712
} else {
27082713
tcg_out32(s, SRD | SAB(args[1], args[0], args[2]));
27092714
}

0 commit comments

Comments
 (0)