author | Blue Swirl <blauwirbel@gmail.com> | 2011-05-14 14:03:22 +0000 |
---|---|---|
committer | Blue Swirl <blauwirbel@gmail.com> | 2011-06-26 18:25:44 +0000 |
commit | b591dc59bc98ee558db4ca512aa117748ebfdeef (patch) | |
tree | 51eda8901a6cdf075292d9e2a4ff9cbf5430bba1 | |
parent | 614f104dfd2bf6d25170fb0afc086920cc7c407b (diff) | |
TCG: fix negative frame offset calculations
size_t is unsigned, so the frame offset calculations can be incorrect for
negative offsets.
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
-rw-r--r-- | tcg/tcg.c | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -1439,13 +1439,17 @@ static void temp_allocate_frame(TCGContext *s, int temp)
 {
     TCGTemp *ts;
     ts = &s->temps[temp];
-    s->current_frame_offset = (s->current_frame_offset + sizeof(tcg_target_long) - 1) & ~(sizeof(tcg_target_long) - 1);
-    if (s->current_frame_offset + sizeof(tcg_target_long) > s->frame_end)
+    s->current_frame_offset = (s->current_frame_offset +
+                               (tcg_target_long)sizeof(tcg_target_long) - 1) &
+        ~(sizeof(tcg_target_long) - 1);
+    if (s->current_frame_offset + (tcg_target_long)sizeof(tcg_target_long) >
+        s->frame_end) {
         tcg_abort();
+    }
     ts->mem_offset = s->current_frame_offset;
     ts->mem_reg = s->frame_reg;
     ts->mem_allocated = 1;
-    s->current_frame_offset += sizeof(tcg_target_long);
+    s->current_frame_offset += (tcg_target_long)sizeof(tcg_target_long);
 }
 
 /* free register 'reg' by spilling the corresponding temporary if necessary */ |
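Review bot: The mask in the third added line, `~(sizeof(tcg_target_long) - 1)`, is still a size_t, so the `&` converts the now-signed rounded sum back to unsigned before it is narrowed into `s->current_frame_offset`; that yields the intended round-up of a negative offset on two's-complement hosts where size_t is at least as wide as tcg_target_long, but it leaves a signed/unsigned mix in the very expression the commit message is fixing. Casting the mask too, `~((tcg_target_long)sizeof(tcg_target_long) - 1)`, keeps the whole alignment computation in the signed type and makes the intent explicit. The declared types of `s->frame_end` and `ts->mem_offset` are not visible here; if either is still unsigned, the new comparison and the store would reintroduce the same conversion, so they are worth checking in TCGContext and TCGTemp alongside this change. The body of temp_allocate_frame lies entirely within the hunk.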