Re: [PATCH] tcg: Fix the overflow in indexing tcg_ctx->temps

2024-04-19 Thread Philippe Mathieu-Daudé
On 19/4/24 12:21, Peter Maydell wrote: On Fri, 19 Apr 2024 at 10:37, 姜智伟 wrote: Peter Maydell wrote: I feel like this might be a bug elsewhere. Can you provide a repro binary and command line? The test file has been attached with RISCV CBO instruction as the first instruction to execute, wi

Re: [PATCH] tcg: Fix the overflow in indexing tcg_ctx->temps

2024-04-19 Thread Peter Maydell
On Fri, 19 Apr 2024 at 10:37, 姜智伟 wrote: > Peter Maydell wrote: > > I feel like this might be a bug elsewhere. Can you provide > > a repro binary and command line? > > The test file has been attached with RISCV CBO instruction as the first > instruction to execute, with command-line arguments as

Re: [PATCH] tcg: Fix the overflow in indexing tcg_ctx->temps

2024-04-19 Thread 姜智伟
> > > On 4/18/24 03:27, Zhiwei Jiang wrote: > > > > Sometimes, when the address of the passed TCGTemp *ts variable is the > > > > same as tcg_ctx, > > > > > > Pardon? When would TCGTemp *ts == TCGContext *tcg_ctx? > > > > > > > > > > the index calculated in the temp_idx function, i.e., ts - > >

Re: [PATCH] tcg: Fix the overflow in indexing tcg_ctx->temps

2024-04-19 Thread Peter Maydell
On Fri, 19 Apr 2024 at 04:49, 姜智伟 wrote: > > > On 4/18/24 03:27, Zhiwei Jiang wrote: > > > Sometimes, when the address of the passed TCGTemp *ts variable is the > > > same as tcg_ctx, > > > > Pardon? When would TCGTemp *ts == TCGContext *tcg_ctx? > > > > > > > the index calculated in the temp_id

Re: [PATCH] tcg: Fix the overflow in indexing tcg_ctx->temps

2024-04-18 Thread 姜智伟
> On 4/18/24 03:27, Zhiwei Jiang wrote: > > Sometimes, when the address of the passed TCGTemp *ts variable is the same > > as tcg_ctx, > > Pardon? When would TCGTemp *ts == TCGContext *tcg_ctx? > > > > the index calculated in the temp_idx function, i.e., ts - tcg_ctx->temps, > > can result in

Re: [PATCH] tcg: Fix the overflow in indexing tcg_ctx->temps

2024-04-18 Thread Richard Henderson
On 4/18/24 03:27, Zhiwei Jiang wrote: Sometimes, when the address of the passed TCGTemp *ts variable is the same as tcg_ctx, Pardon? When would TCGTemp *ts == TCGContext *tcg_ctx? the index calculated in the temp_idx function, i.e., ts - tcg_ctx->temps, can result in a particularly large v

[PATCH] tcg: Fix the overflow in indexing tcg_ctx->temps

2024-04-18 Thread Zhiwei Jiang
Sometimes, when the address of the passed TCGTemp *ts variable is the same as tcg_ctx, the index calculated in the temp_idx function, i.e., ts - tcg_ctx->temps, can result in a particularly large value, causing overflow in the subsequent array access. 0 0x7f79590132ac in test_bit (addr=, nr
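The failure mode the patch description refers to, reduced to a stand-alone model (added example for this page; it is not QEMU's code and not part of the thread): an index derived purely from the pointer difference `ts - tcg_ctx->temps` is only meaningful when `ts` really points into the `temps` array. If a pointer to the context itself is passed, the unsigned difference wraps to a huge index, which a later bit-test or array access would then use out of bounds. The `TCGContext`/`TCGTemp` layout, `NB_TEMPS`, and the checked helper below are assumptions of the example, not QEMU's definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed layout for the example: a context owning a fixed array of temps.
 * The leading field guarantees that &ctx and ctx->temps are different
 * addresses, which is the situation the commit message describes. */
#define NB_TEMPS 8

typedef struct TCGTemp { int kind; } TCGTemp;

typedef struct TCGContext {
    uint64_t flags;
    TCGTemp temps[NB_TEMPS];
} TCGContext;

/* Index computed from the pointer difference only, as the commit message
 * describes. Done on uintptr_t so the arithmetic is well defined even when
 * ts does not point into temps; the result then wraps to a very large value. */
static size_t temp_idx_unchecked(const TCGContext *ctx, const TCGTemp *ts)
{
    return ((uintptr_t)ts - (uintptr_t)ctx->temps) / sizeof(TCGTemp);
}

/* Checked variant (assumed helper): reports whether ts is an element of
 * ctx->temps before producing an index, so a stray pointer can never be
 * turned into an out-of-range array subscript. */
static bool temp_idx_checked(const TCGContext *ctx, const TCGTemp *ts,
                             size_t *idx)
{
    uintptr_t p  = (uintptr_t)ts;
    uintptr_t lo = (uintptr_t)&ctx->temps[0];
    uintptr_t hi = (uintptr_t)&ctx->temps[NB_TEMPS];

    if (p < lo || p >= hi || (p - lo) % sizeof(TCGTemp) != 0) {
        return false;
    }
    *idx = (p - lo) / sizeof(TCGTemp);
    return true;
}

/* ts == tcg_ctx: the unchecked formula yields an index far beyond NB_TEMPS. */
static size_t stray_pointer_unchecked_index(void)
{
    static TCGContext ctx;
    const TCGTemp *stray = (const TCGTemp *)&ctx;
    return temp_idx_unchecked(&ctx, stray);
}

/* Same stray pointer through the checked helper: rejected instead of indexed. */
static bool stray_pointer_is_rejected(void)
{
    static TCGContext ctx;
    const TCGTemp *stray = (const TCGTemp *)&ctx;
    size_t idx = 0;
    return !temp_idx_checked(&ctx, stray, &idx);
}

/* A genuine temp still resolves to its position in the array. */
static bool valid_pointer_indexes(size_t *out)
{
    static TCGContext ctx;
    return temp_idx_checked(&ctx, &ctx.temps[3], out);
}
```

The checked helper is where a bounds assertion belongs: any caller that can receive a pointer from outside the array should fail loudly there rather than let `test_bit` or a `temps[idx]` access run off the end.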