On 09/27/2011 12:01 PM, Alexander Graf wrote:
>
> On 27.09.2011, at 18:52, Scott Wood wrote:
>
>> On 09/27/2011 07:45 AM, Alexander Graf wrote:
>>> So this is the main change, right? Why the -1? A guest could potentially
>>> access pib[-1] using this, no?
>>
>> Not with the values of addr that lead to this code. The -1 is because
>> IW1/2/3 are 0x1e0/0x1c0/0x1a0. Previously IW1 would overflow the array.
>
> We're matching on addr & 0xfe0 and do the switch based on that. Possible
> values are:
>
>   0x1a0
>   0x1c0
>   0x1e0
>
> Then we >> 5 them.
>
>   0xd
>   0xe
>   0xf
>
> ... and & 0x3 them
>
>   0x1
>   0x2
>   0x0

0xd & 0x3 = 1
0xe & 0x3 = 2
0xf & 0x3 = 3

-Scott