diff options
author | Pavel Zbitskiy <pavel.zbitskiy@gmail.com> | 2018-08-20 22:51:03 -0400 |
---|---|---|
committer | Cornelia Huck <cohuck@redhat.com> | 2018-08-28 17:37:01 +0200 |
commit | 3cea09271b3b3a0c4d0ffa3b56ea671bf75d82c3 (patch) | |
tree | 0220a87aca578f49c0675a4097749395991803b1 /target | |
parent | ad8c851d2e772397e0c35148a16a8fbb559b2a2e (diff) | |
download | qemu-3cea09271b3b3a0c4d0ffa3b56ea671bf75d82c3.zip qemu-3cea09271b3b3a0c4d0ffa3b56ea671bf75d82c3.tar.gz qemu-3cea09271b3b3a0c4d0ffa3b56ea671bf75d82c3.tar.bz2 |
target/s390x: fix PACK reading 1 byte less and writing 1 byte more
PACK fails on the test from the Principles of Operation: F1F2F3F4
becomes 0000234C instead of 0001234C due to an off-by-one error.
Furthermore, it overwrites one extra byte to the left of F1.
If len_dest is 0, then we only want to flip the 1st byte and never loop
over the rest. Therefore, the loop condition should be > and not >=.
If len_src is 1, then we should flip the 1st byte and pack the 2nd.
Since len_src is already decremented before the loop, the first
condition should be >=, and not >.
Likewise for len_src == 2 and the second condition.
Signed-off-by: Pavel Zbitskiy <pavel.zbitskiy@gmail.com>
Message-Id: <20180821025104.19604-7-pavel.zbitskiy@gmail.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Diffstat (limited to 'target')
-rw-r--r-- | target/s390x/mem_helper.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/target/s390x/mem_helper.c b/target/s390x/mem_helper.c index 704d019..bacae4f 100644 --- a/target/s390x/mem_helper.c +++ b/target/s390x/mem_helper.c @@ -1019,15 +1019,15 @@ void HELPER(pack)(CPUS390XState *env, uint32_t len, uint64_t dest, uint64_t src) len_src--; /* now pack every value */ - while (len_dest >= 0) { + while (len_dest > 0) { b = 0; - if (len_src > 0) { + if (len_src >= 0) { b = cpu_ldub_data_ra(env, src, ra) & 0x0f; src--; len_src--; } - if (len_src > 0) { + if (len_src >= 0) { b |= cpu_ldub_data_ra(env, src, ra) << 4; src--; len_src--; |