target/tricore: Fix out-of-bounds index in imask instruction

When translating "imask" instruction of Tricore architecture, QEMU did not check whether the register index was out of bounds, resulting in a global-buffer-overflow. Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1698 Reported-by: Siqi Chen <coc.cyqh@gmail.com> Signed-off-by: Siqi Chen <coc.cyqh@gmail.com> Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> Message-Id: <20230612065633.149152-1-coc.cyqh@gmail.com> Message-Id: <20230612113245.56667-2-kbastian@mail.uni-paderborn.de>
author: Siqi Chen <coc.cyqh@gmail.com> 2023-06-12 13:32:42 +0200
committer: Bastian Koppelmann <kbastian@mail.uni-paderborn.de> 2023-06-21 18:09:54 +0200
commit: d34b092cab606a47a0d76edde45aab7100bb2435 (patch)
tree: eb0dedfe1b506b2ef559b20f44d5587cd255488f /target/tricore
parent: 0b9f9b63c2d1e26cfe4e593f384898837c7c941f (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/target/tricore/translate.c b/target/tricore/translate.c
index 6712d98f6e..74faad4794 100644
--- a/target/tricore/translate.c
+++ b/target/tricore/translate.c
@@ -5339,6 +5339,7 @@ static void decode_rcrw_insert(DisasContext *ctx)
 
     switch (op2) {
     case OPC2_32_RCRW_IMASK:
+        CHECK_REG_PAIR(r4);
         tcg_gen_andi_tl(temp, cpu_gpr_d[r3], 0x1f);
         tcg_gen_movi_tl(temp2, (1 << width) - 1);
         tcg_gen_shl_tl(cpu_gpr_d[r4 + 1], temp2, temp);
author	Siqi Chen <coc.cyqh@gmail.com>	2023-06-12 13:32:42 +0200
committer	Bastian Koppelmann <kbastian@mail.uni-paderborn.de>	2023-06-21 18:09:54 +0200
commit	d34b092cab606a47a0d76edde45aab7100bb2435 (patch)
tree	eb0dedfe1b506b2ef559b20f44d5587cd255488f /target/tricore
parent	0b9f9b63c2d1e26cfe4e593f384898837c7c941f (diff)