1 files changed, 10 insertions, 9 deletions

diff --git a/tcg/tci.c b/tcg/tci.c
index 05a2416..eeccdde 100644
--- a/tcg/tci.c
+++ b/tcg/tci.c
@@ -520,26 +520,27 @@ uintptr_t QEMU_DISABLE_CFI tcg_qemu_tb_exec(CPUArchState *env,
                 ffi_call(pptr[1], pptr[0], stack, call_slots);
             }
 
-            /* Any result winds up "left-aligned" in the stack[0] slot. */
             switch (len) {
             case 0: /* void */
                 break;
             case 1: /* uint32_t */
                 /*
+                 * The result winds up "left-aligned" in the stack[0] slot.
                  * Note that libffi has an odd special case in that it will
                  * always widen an integral result to ffi_arg.
                  */
-                if (sizeof(ffi_arg) == 4) {
+                if (sizeof(ffi_arg) == 8) {
+                    regs[TCG_REG_R0] = (uint32_t)stack[0];
+                } else {
                     regs[TCG_REG_R0] = *(uint32_t *)stack;
-                    break;
                 }
-                /* fall through */
+                break;
             case 2: /* uint64_t */
-                if (TCG_TARGET_REG_BITS == 32) {
-                    tci_write_reg64(regs, TCG_REG_R1, TCG_REG_R0, stack[0]);
-                } else {
-                    regs[TCG_REG_R0] = stack[0];
-                }
+                /*
+                 * For TCG_TARGET_REG_BITS == 32, the register pair
+                 * must stay in host memory order.
+                 */
+                memcpy(&regs[TCG_REG_R0], stack, 8);
                 break;
             default:
                 g_assert_not_reached();