From ca3912d9f7c77e8ccf6e8791d80b12ef6719c44f Mon Sep 17 00:00:00 2001
From: mio
Date: Mon, 10 Feb 2025 21:45:34 +0800
Subject: [PATCH] Fix undefined behavior converting TCGv_i32 to TCGv_i64

---
 qemu/target/arm/translate.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/qemu/target/arm/translate.c b/qemu/target/arm/translate.c
index b68040e0..01a65cc1 100644
--- a/qemu/target/arm/translate.c
+++ b/qemu/target/arm/translate.c
@@ -452,9 +452,11 @@ static void gen_sub_carry(TCGContext *tcg_ctx, TCGv_i32 dest, TCGv_i32 t0, TCGv_
     tcg_gen_subi_i32(tcg_ctx, dest, dest, 1);
 }
 
-static inline void mb_tcg_opcode_cmp_hook(TCGContext *tcg_ctx, TCGv_i64 v0, TCGv_i64 v1, uint32_t size)
+static inline void mb_tcg_opcode_cmp_hook(TCGContext *tcg_ctx, TCGv_i32 v0, TCGv_i32 v1, uint32_t size)
 {
     uc_engine *uc = tcg_ctx->uc;
+    TCGv_i64 targ1 = temp_tcgv_i64(tcg_ctx, tcgv_i32_temp(tcg_ctx, v0));
+    TCGv_i64 targ2 = temp_tcgv_i64(tcg_ctx, tcgv_i32_temp(tcg_ctx, v1));
     if (HOOK_EXISTS_BOUNDED(uc, UC_HOOK_TCG_OPCODE, tcg_ctx->pc_start)) {
         struct hook *hook;
         HOOK_FOREACH_VAR_DECLARE;
@@ -462,7 +464,7 @@ static inline void mb_tcg_opcode_cmp_hook(TCGContext *tcg_ctx, TCGv_i64 v0, TCGv
             if (hook->to_delete)
                 continue;
             if (hook->op == UC_TCG_OP_SUB && (hook->op_flags & UC_TCG_OP_FLAG_CMP)) {
-                gen_uc_traceopcode(tcg_ctx, hook, v0, v1, size, uc, tcg_ctx->pc_start);
+                gen_uc_traceopcode(tcg_ctx, hook, targ1, targ2, size, uc, tcg_ctx->pc_start);
             }
         }
     }
@@ -471,7 +473,7 @@ static inline void mb_tcg_opcode_cmp_hook(TCGContext *tcg_ctx, TCGv_i64 v0, TCGv
 /* dest = T0 + T1. Compute C, N, V and Z flags */
 static void gen_add_CC(TCGContext *tcg_ctx, TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 {
-    mb_tcg_opcode_cmp_hook(tcg_ctx, (TCGv_i64)t0, (TCGv_i64)t1, 32);
+    mb_tcg_opcode_cmp_hook(tcg_ctx, t0, t1, 32);
     TCGv_i32 tmp = tcg_temp_new_i32(tcg_ctx);
     tcg_gen_movi_i32(tcg_ctx, tmp, 0);
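Review bot: The two added `targ1`/`targ2` lines re-tag 32-bit temps as TCGv_i64 handles rather than widening them — assuming `tcgv_i32_temp`/`temp_tcgv_i64` behave as in upstream QEMU, the underlying TCGTemp stays TCG_TYPE_I32, so the `gen_uc_traceopcode` call in the next hunk and anything behind it that treats the handles as full 64-bit values depends on `size` being honoured to avoid reading an undefined upper half. A comment on the first added line would make that contract visible: `/* Re-tag the i32 temps as i64 handles for the hook API; no widening, width is carried by size. */`. The conversions also run before the `HOOK_EXISTS_BOUNDED` check, so they execute on every flag-setting add/sub even when no opcode hook is registered; moving both declarations inside the `if` keeps the no-hook path free of them. The body of mb_tcg_opcode_cmp_hook continues past the end of this hunk.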
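Review bot: With the hook's parameters now typed TCGv_i32, the literal `32` passed as `size` on the new line here and in the gen_sub_CC hunk restates what the signature already fixes, leaving two call sites where a future caller can pass a width that does not match the operands. Either have mb_tcg_opcode_cmp_hook supply the width itself, `gen_uc_traceopcode(tcg_ctx, hook, targ1, targ2, 32, uc, tcg_ctx->pc_start);`, and drop the parameter, or document the invariant at the hook's declaration with `/* size: operand width in bits; must be 32 to match the TCGv_i32 operands */`. The body of gen_add_CC continues past the end of this hunk.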
@@ -515,7 +517,7 @@ static void gen_adc_CC(TCGContext *tcg_ctx, TCGv_i32 dest, TCGv_i32 t0, TCGv_i32
 /* dest = T0 - T1. Compute C, N, V and Z flags */
 static void gen_sub_CC(TCGContext *tcg_ctx, TCGv_i32 dest, TCGv_i32 t0, TCGv_i32 t1)
 {
-    mb_tcg_opcode_cmp_hook(tcg_ctx, (TCGv_i64)t0, (TCGv_i64)t1, 32);
+    mb_tcg_opcode_cmp_hook(tcg_ctx, t0, t1, 32);
     TCGv_i32 tmp;
     tcg_gen_sub_i32(tcg_ctx, tcg_ctx->cpu_NF, t0, t1);