aboutsummaryrefslogtreecommitdiff
path: root/target
diff options
context:
space:
mode:
authorPavel Zbitskiy <pavel.zbitskiy@gmail.com>2018-08-20 22:51:03 -0400
committerCornelia Huck <cohuck@redhat.com>2018-08-28 17:37:01 +0200
commit3cea09271b3b3a0c4d0ffa3b56ea671bf75d82c3 (patch)
tree0220a87aca578f49c0675a4097749395991803b1 /target
parentad8c851d2e772397e0c35148a16a8fbb559b2a2e (diff)
downloadqemu-3cea09271b3b3a0c4d0ffa3b56ea671bf75d82c3.zip
qemu-3cea09271b3b3a0c4d0ffa3b56ea671bf75d82c3.tar.gz
qemu-3cea09271b3b3a0c4d0ffa3b56ea671bf75d82c3.tar.bz2
target/s390x: fix PACK reading 1 byte less and writing 1 byte more
PACK fails on the test from the Principles of Operation: F1F2F3F4 becomes 0000234C instead of 0001234C due to an off-by-one error. Furthermore, it overwrites one extra byte to the left of F1. If len_dest is 0, then we only want to flip the 1st byte and never loop over the rest. Therefore, the loop condition should be > and not >=. If len_src is 1, then we should flip the 1st byte and pack the 2nd. Since len_src is already decremented before the loop, the first condition should be >=, and not >. Likewise for len_src == 2 and the second condition. Signed-off-by: Pavel Zbitskiy <pavel.zbitskiy@gmail.com> Message-Id: <20180821025104.19604-7-pavel.zbitskiy@gmail.com> Reviewed-by: David Hildenbrand <david@redhat.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Diffstat (limited to 'target')
-rw-r--r--target/s390x/mem_helper.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c
index 704d019..bacae4f 100644
--- a/target/s390x/mem_helper.c
+++ b/target/s390x/mem_helper.c
@@ -1019,15 +1019,15 @@ void HELPER(pack)(CPUS390XState *env, uint32_t len, uint64_t dest, uint64_t src)
len_src--;
/* now pack every value */
- while (len_dest >= 0) {
+ while (len_dest > 0) {
b = 0;
- if (len_src > 0) {
+ if (len_src >= 0) {
b = cpu_ldub_data_ra(env, src, ra) & 0x0f;
src--;
len_src--;
}
- if (len_src > 0) {
+ if (len_src >= 0) {
b |= cpu_ldub_data_ra(env, src, ra) << 4;
src--;
len_src--;