
[02/17] target/avr: Fix buffer read in avr_print_insn

Message ID 20250323173730.3213964-3-richard.henderson@linaro.org
State Superseded
Series target/avr: Increase page size | expand

Commit Message

Richard Henderson March 23, 2025, 5:37 p.m. UTC
Do not unconditionally attempt to read 4 bytes, as there
may only be 2 bytes remaining in the translator cache.

Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 target/avr/disas.c | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

Comments

Pierrick Bouvier March 25, 2025, 12:52 a.m. UTC | #1
On 3/23/25 10:37, Richard Henderson wrote:
> Do not unconditionally attempt to read 4 bytes, as there
> may only be 2 bytes remaining in the translator cache.
> 
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>   target/avr/disas.c | 21 ++++++++++++++-------
>   1 file changed, 14 insertions(+), 7 deletions(-)
> 
> diff --git a/target/avr/disas.c b/target/avr/disas.c
> index b7689e8d7c..d341030174 100644
> --- a/target/avr/disas.c
> +++ b/target/avr/disas.c
> @@ -68,28 +68,35 @@ static bool decode_insn(DisasContext *ctx, uint16_t insn);
>   
>   int avr_print_insn(bfd_vma addr, disassemble_info *info)
>   {
> -    DisasContext ctx;
> +    DisasContext ctx = { info };
>       DisasContext *pctx = &ctx;
>       bfd_byte buffer[4];
>       uint16_t insn;
>       int status;
>   
> -    ctx.info = info;
> -
> -    status = info->read_memory_func(addr, buffer, 4, info);
> +    status = info->read_memory_func(addr, buffer, 2, info);
>       if (status != 0) {
>           info->memory_error_func(status, addr, info);
>           return -1;
>       }
>       insn = bfd_getl16(buffer);
> -    ctx.next_word = bfd_getl16(buffer + 2);
> -    ctx.next_word_used = false;
> +
> +    status = info->read_memory_func(addr + 2, buffer + 2, 2, info);
> +    if (status == 0) {
> +        ctx.next_word = bfd_getl16(buffer + 2);
> +    }
>   
>       if (!decode_insn(&ctx, insn)) {
>           output(".db", "0x%02x, 0x%02x", buffer[0], buffer[1]);
>       }
>   
> -    return ctx.next_word_used ? 4 : 2;
> +    if (!ctx.next_word_used) {
> +        return 2;
> +    } else if (status == 0) {
> +        return 4;
> +    }
> +    info->memory_error_func(status, addr + 2, info);
> +    return -1;
>   }
>   
>   
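Review bot: The positional initializer `DisasContext ctx = { info };` ties correctness to `info` being the first member of DisasContext and to implicit zero-initialisation standing in for the removed `ctx.next_word_used = false;`; a designated initializer, `DisasContext ctx = { .info = info };`, keeps that intent explicit and survives a field reorder. Separately, when the second read_memory_func call fails, decode_insn still runs with next_word left at 0, so if the decoder consumes next_word the instruction text has presumably already been emitted with a zeroed operand before memory_error_func is called and -1 is returned; the caller still sees the failure, but a comment above the second read, e.g. `/* A failed read leaves next_word = 0; the error is reported only if the decoder actually needs it. */`, would spare the next reader working that out. avr_print_insn lies entirely within the hunk.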

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>

Patch

diff --git a/target/avr/disas.c b/target/avr/disas.c
index b7689e8d7c..d341030174 100644
--- a/target/avr/disas.c
+++ b/target/avr/disas.c
@@ -68,28 +68,35 @@  static bool decode_insn(DisasContext *ctx, uint16_t insn);
 
 int avr_print_insn(bfd_vma addr, disassemble_info *info)
 {
-    DisasContext ctx;
+    DisasContext ctx = { info };
     DisasContext *pctx = &ctx;
     bfd_byte buffer[4];
     uint16_t insn;
     int status;
 
-    ctx.info = info;
-
-    status = info->read_memory_func(addr, buffer, 4, info);
+    status = info->read_memory_func(addr, buffer, 2, info);
     if (status != 0) {
         info->memory_error_func(status, addr, info);
         return -1;
     }
     insn = bfd_getl16(buffer);
-    ctx.next_word = bfd_getl16(buffer + 2);
-    ctx.next_word_used = false;
+
+    status = info->read_memory_func(addr + 2, buffer + 2, 2, info);
+    if (status == 0) {
+        ctx.next_word = bfd_getl16(buffer + 2);
+    }
 
     if (!decode_insn(&ctx, insn)) {
         output(".db", "0x%02x, 0x%02x", buffer[0], buffer[1]);
     }
 
-    return ctx.next_word_used ? 4 : 2;
+    if (!ctx.next_word_used) {
+        return 2;
+    } else if (status == 0) {
+        return 4;
+    }
+    info->memory_error_func(status, addr + 2, info);
+    return -1;
 }