fix some oss-fuzz bugs (#1182)

* fix oss-fuzz 10419. * fix oss-fuzz 10427. * fix oss-fuzz 10421. * fix oss-fuzz 10422. * fix oss-fuzz 10425. * fix oss-fuzz 10426. * fix oss-fuzz 10426. * fix oss-fuzz 10422. * fix oss-fuzz 10426. * fix oss-fuzz 10456. * fix oss-fuzz 10428. * fix oss-fuzz 10429. * fix oss-fuzz 10431. * fix oss-fuzz 10435. * fix oss-fuzz 10430. * fix oss-fuzz 10436. * remove unused var. * fix oss-fuzz 10449. * fix oss-fuzz 10452. * fix oss-fuzz 11792. * fix oss-fuzz 10457. * fix oss-fuzz 11737. * fix oss-fuzz 10458. * fix oss-fuzz 10565. * fix oss-fuzz 11651. * fix oss-fuzz 10497. * fix oss-fuzz 10515. * fix oss-fuzz 10586. * fix oss-fuzz 10597. * fiz oss-fuzz 11721. * fix oss-fuzz 10718. * fix oss-fuzz 15610. * fix oss-fuzz 10512. * fix oss-fuzz 10545.
2020-01-05 19:20:29 +08:00
parent 68eb357984
commit 8621bca537
14 changed files with 31 additions and 31 deletions
--- a/qemu/target-i386/cpu.h
+++ b/qemu/target-i386/cpu.h
@@ -265,7 +265,7 @@
 #define PG_ADDRESS_MASK  0x000ffffffffff000LL
 #define PG_HI_RSVD_MASK  (PG_ADDRESS_MASK & ~PHYS_ADDR_MASK)
 #define PG_HI_USER_MASK  0x7ff0000000000000LL
-#define PG_NX_MASK       (1LL << PG_NX_BIT)
+#define PG_NX_MASK       (1ULL << PG_NX_BIT)

 #define PG_ERROR_W_BIT     1

--- a/qemu/target-i386/fpu_helper.c
+++ b/qemu/target-i386/fpu_helper.c
@@ -999,7 +999,7 @@ void helper_fstenv(CPUX86State *env, target_ulong ptr, int data32)
                /* zero */
                fptag |= 1;
            } else if (exp == 0 || exp == MAXEXPD
-                       || (mant & (1LL << 63)) == 0) {
+                       || (mant & (1ULL << 63)) == 0) {
                /* NaNs, infinity, denormal */
                fptag |= 2;
            }
--- a/qemu/target-i386/ops_sse.h
+++ b/qemu/target-i386/ops_sse.h
@@ -874,7 +874,7 @@ static inline uint64_t helper_insertq(uint64_t src, int shift, int len)
    if (len == 0) {
        mask = ~0ULL;
    } else {
-        mask = (1ULL << len) - 1;
+        mask = (1ULL << (len & 0x3f)) - 1;
    }
    return (src & ~(mask << shift)) | ((src & mask) << shift);
 }
--- a/qemu/target-i386/translate.c
+++ b/qemu/target-i386/translate.c
@@ -1014,7 +1014,7 @@ static CCPrepare gen_prepare_eflags_c(DisasContext *s, TCGv reg)
        /* (CC_SRC >> (DATA_BITS - 1)) & 1 */
            size = s->cc_op - CC_OP_SHLB;
        shift = (8 << size) - 1;
-        return ccprepare_make(TCG_COND_NE, cpu_cc_src, 0, 0, (target_ulong)(1 << shift), false, false);
+        return ccprepare_make(TCG_COND_NE, cpu_cc_src, 0, 0, (target_ulong)(1U << shift), false, false);

    case CC_OP_MULB: case CC_OP_MULW: case CC_OP_MULL: case CC_OP_MULQ:
        return ccprepare_make(TCG_COND_NE, cpu_cc_src, 0, 0, -1, false, false);