s390x/tcg: Fix BRCL with a large negative offset

When RI2 is 0x80000000, qemu enters an infinite loop instead of jumping backwards. Fix by adding a missing cast, like in in2_ri2(). Fixes: 7233f2ed1717 ("target-s390: Convert BRANCH ON CONDITION") Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Message-Id: <20220314104232.675863-3-iii@linux.ibm.com> Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
author: Ilya Leoshkevich <iii@linux.ibm.com> 2022-03-14 11:42:31 +0100
committer: Thomas Huth <thuth@redhat.com> 2022-03-16 08:43:10 +0100
commit: 16ed5f14215b20c8dc49b96e2149032ba3238beb (patch)
tree: 9bb7b56bb2cde5a47a26d7d6cc3125c996fb62b9 /target/s390x
parent: fc3dd86a290a9c7c3c3273961b03058ae8f1d49f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 41c8696185..5acfc0ff9b 100644
--- a/target/s390x/tcg/translate.c
+++ b/target/s390x/tcg/translate.c
@@ -1201,7 +1201,7 @@ static DisasJumpType help_branch(DisasContext *s, DisasCompare *c,
                                  bool is_imm, int imm, TCGv_i64 cdest)
 {
     DisasJumpType ret;
-    uint64_t dest = s->base.pc_next + 2 * imm;
+    uint64_t dest = s->base.pc_next + (int64_t)imm * 2;
     TCGLabel *lab;
 
     /* Take care of the special cases first.  */
author	Ilya Leoshkevich <iii@linux.ibm.com>	2022-03-14 11:42:31 +0100
committer	Thomas Huth <thuth@redhat.com>	2022-03-16 08:43:10 +0100
commit	16ed5f14215b20c8dc49b96e2149032ba3238beb (patch)
tree	9bb7b56bb2cde5a47a26d7d6cc3125c996fb62b9 /target/s390x
parent	fc3dd86a290a9c7c3c3273961b03058ae8f1d49f (diff)