From 2ce696baa6fc5d99522cf387b6a4913807fd43ed Mon Sep 17 00:00:00 2001
From: Filip Navara
Date: Fri, 21 Aug 2009 08:37:41 +0200
Subject: [PATCH] =?utf8?q?Fix=20bugs=20reported=20by=20Juha=20Riihim=C3=A4?= =?utf8?q?ki=20:?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

i) in function gen_bx_im, the last line (should be line 695 in your git HEAD) should be "tcg_gen_movi_i32..." instead of "tcg_gen_mov_i32". Otherwise BX/BLX immediate instructions will segfault QEMU.

ii) you have a resource leak in disas_vfp_insn; on line 3129 in your git HEAD, you have allocated a new temporary (addr) but if the if-expression on line 3129 is true, it will not be released - I fixed this by adding a "dead_tmp(addr);" line between lines 3141 and 3142 (i.e. the last line of the if-block).

iii) you have another resource issue in disas_thumb_insn; line 8306 should read "if (op != 0xf) dead_tmp(tmp);" instead of just plain "dead_tmp(tmp);" -- this is because in the above code the temporary variable tmp is not initialized if op==0xf and calling dead_tmp on it will cause problems.

Signed-off-by: Filip Navara
---
 target-arm/translate.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/target-arm/translate.c b/target-arm/translate.c
index b6f403b337..facccbe28d 100644
--- a/target-arm/translate.c
+++ b/target-arm/translate.c
@@ -692,7 +692,7 @@ static inline void gen_bx_im(DisasContext *s, uint32_t addr)
 tcg_gen_st_i32(tmp, cpu_env, offsetof(CPUState, thumb));
 dead_tmp(tmp);
 }
- tcg_gen_mov_i32(cpu_R[15], addr & ~1);
+ tcg_gen_movi_i32(cpu_R[15], addr & ~1);
 }
 
 /* Set PC and Thumb state from var. var is marked as dead. */
@@ -3139,6 +3139,7 @@ static int disas_vfp_insn(CPUState * env, DisasContext *s, uint32_t insn)
 gen_mov_F0_vreg(dp, rd);
 gen_vfp_st(s, dp, addr);
 }
+ dead_tmp(addr);
 } else {
 /* load/store multiple */
 if (dp)
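Review bot: The corrected `tcg_gen_movi_i32(cpu_R[15], addr & ~1);` line deserves a one-line comment, because the relation between the `thumb` store a few lines above and the `& ~1` mask is not obvious to a reader of gen_bx_im: `/* bit 0 of addr is the Thumb bit handled above; PC takes the address with it cleared */`. The original defect is a type confusion (a plain integer passed where a TCG temporary is expected) that the compiler accepted silently; it seems the wrapped-type debug build (DEBUG_TCGV, if this tree has it) would have rejected the mismatched call at compile time, which is worth enabling in CI for the translators. The body of gen_bx_im begins before this hunk.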
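Review bot: The added `dead_tmp(addr);` releases the temporary only on the single-register path of disas_vfp_insn; the load/store-multiple branch that follows `} else {` is cut off by the hunk, so its own release of addr cannot be checked here and should be confirmed to run on every exit of that branch. If both branches end by freeing addr, a single `dead_tmp(addr);` after the if/else would be a simpler, harder-to-miss release point than one per branch. disas_vfp_insn starts and ends outside this hunk.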
@@ -8303,7 +8304,8 @@ static void disas_thumb_insn(CPUState *env, DisasContext *s)
 if (rd != 16) {
 if (val) {
 store_reg(s, rm, tmp2);
- dead_tmp(tmp);
+ if (op != 0xf)
+ dead_tmp(tmp);
 } else {
 store_reg(s, rd, tmp);
 dead_tmp(tmp2);
-- 
2.11.4.GIT
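Review bot: The guard `if (op != 0xf)` ties the release of tmp to the same opcode test that skipped its allocation earlier in disas_thumb_insn, outside this hunk, so the two sites must be kept in sync by hand and a later change to either one reintroduces the invalid free. A more self-describing form is to mark the temporary unused on the non-allocating path (`TCGV_UNUSED(tmp);`, if this tree provides the macro) and release it with `if (!TCGV_IS_UNUSED(tmp)) dead_tmp(tmp);`, so the ownership state travels with the variable rather than with the opcode. At minimum a short comment at the new line, `/* tmp is not allocated for op 0xf (mvn) */`, would explain the asymmetry to the next reader. disas_thumb_insn and the allocation of tmp both lie outside the hunk.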