fix some oss-fuzz bugs (#1180)

* fix oss-fuzz 10419. * fix oss-fuzz 10427. * fix oss-fuzz 10421. * fix oss-fuzz 10422. * fix oss-fuzz 10425. * fix oss-fuzz 10426. * fix oss-fuzz 10426. * fix oss-fuzz 10422. * fix oss-fuzz 10426. * fix oss-fuzz 10456. * fix oss-fuzz 10428. * fix oss-fuzz 10429. * fix oss-fuzz 10431. * fix oss-fuzz 10435. * fix oss-fuzz 10430. * fix oss-fuzz 10436. * remove unused var.
2020-01-04 23:42:02 +08:00
parent 99097cab4c
commit 68eb357984
8 changed files with 17 additions and 17 deletions
--- a/qemu/target-mips/helper.c
+++ b/qemu/target-mips/helper.c
@@ -75,7 +75,7 @@ int r4k_map_address (CPUMIPSState *env, hwaddr *physical, int *prot,
    for (i = 0; i < env->tlb->tlb_in_use; i++) {
        r4k_tlb_t *tlb = &env->tlb->mmu.r4k.tlb[i];
        /* 1k pages are not supported. */
-        target_ulong mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
+        target_ulong mask = tlb->PageMask | ~(((unsigned int)TARGET_PAGE_MASK) << 1);
        target_ulong tag = address & ~mask;
        target_ulong VPN = tlb->VPN & ~mask;
 #if defined(TARGET_MIPS64)
@@ -286,7 +286,7 @@ static void raise_mmu_exception(CPUMIPSState *env, target_ulong address,
    env->CP0_Context = (env->CP0_Context & ~0x007fffff) |
                       ((address >> 9) & 0x007ffff0);
    env->CP0_EntryHi =
-        (env->CP0_EntryHi & 0xFF) | (address & (TARGET_PAGE_MASK << 1));
+        (env->CP0_EntryHi & 0xFF) | (address & (((unsigned int)TARGET_PAGE_MASK) << 1));
 #if defined(TARGET_MIPS64)
    env->CP0_EntryHi &= env->SEGMask;
    env->CP0_XContext = (env->CP0_XContext & ((~0ULL) << (env->SEGBITS - 7))) |
@@ -788,7 +788,7 @@ void r4k_invalidate_tlb (CPUMIPSState *env, int idx, int use_extra)
    }

    /* 1k pages are not supported. */
-    mask = tlb->PageMask | ~(TARGET_PAGE_MASK << 1);
+    mask = tlb->PageMask | ~(((unsigned int)TARGET_PAGE_MASK) << 1);
    if (tlb->V0) {
        cs = CPU(cpu);
        addr = tlb->VPN & ~mask;
--- a/qemu/target-mips/translate.c
+++ b/qemu/target-mips/translate.c
@@ -2547,11 +2547,11 @@ static void gen_logic_imm(DisasContext *ctx, uint32_t opc,
    case OPC_LUI:
        if (rs != 0 && (ctx->insn_flags & ISA_MIPS32R6)) {
            /* OPC_AUI */
-            tcg_gen_addi_tl(tcg_ctx, *cpu_gpr[rt], *cpu_gpr[rs], imm << 16);
+            tcg_gen_addi_tl(tcg_ctx, *cpu_gpr[rt], *cpu_gpr[rs], uimm << 16);
            tcg_gen_ext32s_tl(tcg_ctx, *cpu_gpr[rt], *cpu_gpr[rt]);
            MIPS_DEBUG("aui %s, %s, %04x", regnames[rt], regnames[rs], imm);
        } else {
-            tcg_gen_movi_tl(tcg_ctx, *cpu_gpr[rt], imm << 16);
+            tcg_gen_movi_tl(tcg_ctx, *cpu_gpr[rt], uimm << 16);
            MIPS_DEBUG("lui %s, " TARGET_FMT_lx, regnames[rt], uimm);
        }
        break;
@@ -4735,7 +4735,7 @@ static void gen_bitops (DisasContext *ctx, uint32_t opc, int rt,
            goto fail;
        tcg_gen_shri_tl(tcg_ctx, t0, t1, lsb);
        if (msb != 31) {
-            tcg_gen_andi_tl(tcg_ctx, t0, t0, (1 << (msb + 1)) - 1);
+            tcg_gen_andi_tl(tcg_ctx, t0, t0, (1U << (msb + 1)) - 1);
        } else {
            tcg_gen_ext32s_tl(tcg_ctx, t0, t0);
        }
@@ -18871,7 +18871,7 @@ static void decode_opc (CPUMIPSState *env, DisasContext *ctx, bool *insn_need_pa
                check_cop1x(ctx);
                check_insn(ctx, ASE_MIPS3D);
                gen_compute_branch1(ctx, MASK_BC1(ctx->opcode),
-                                    (rt >> 2) & 0x7, imm << 2);
+                                    (rt >> 2) & 0x7, ((uint16_t)imm) << 2);
            }
            break;
        case OPC_BC1NEZ: