[Qemu-devel] [PATCH] x86: Fixed incorrect segment base address addition

Vitaly Chipounov Mon, 02 Jul 2012 07:16:11 -0700

An instruction with address and segment size override triggers the bug.
inc dword ptr gs:260h[ebx*4] gets incorrectly translated to:
(uint32_t)(gs.base + ebx * 4 + 0x260)
instead of
gs.base + (uint32_t)(ebx * 4 + 0x260)


Signed-off-by: Vitaly Chipounov <vitaly.chipou...@epfl.ch>
---
 target-i386/translate.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/target-i386/translate.c b/target-i386/translate.c
index a902f4a..9ca7375 100644
--- a/target-i386/translate.c
+++ b/target-i386/translate.c
@@ -459,10 +459,10 @@ static inline void gen_op_movl_A0_seg(int reg)
 static inline void gen_op_addl_A0_seg(int reg)
 {
     tcg_gen_ld_tl(cpu_tmp0, cpu_env, offsetof(CPUX86State, segs[reg].base));
-    tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
 #ifdef TARGET_X86_64
     tcg_gen_andi_tl(cpu_A0, cpu_A0, 0xffffffff);
 #endif
+    tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0);
 }
 
 #ifdef TARGET_X86_64
-- 
1.7.4.1

[Qemu-devel] [PATCH] x86: Fixed incorrect segment base address addition

Reply via email to