In commit
7390e0e9ab8475, we added support for SME loads and stores.
Unlike SVE loads and stores, these include handling of 128-bit
elements. The SME load/store functions call down into the existing
sve_cont_ldst_elements() function, which uses the element size MO_*
value as an index into the pred_esz_masks[] array. Because this code
path now has to handle MO_128, we need to add an extra element to the
array.
This bug was spotted by Coverity because it meant we were reading off
the end of the array.
Resolves: Coverity CID
1490539,
1490541,
1490543,
1490544,
1490545,
1490546,
1490548,
1490549,
1490550,
1490551,
1490555,
1490557,
1490558,
1490560,
1490561,
1490563
Fixes: 7390e0e9ab8475 ("target/arm: Implement SME LD1, ST1")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20220718100144.
3248052-1-peter.maydell@linaro.org
}
/* Shared between translate-sve.c and sve_helper.c. */
-extern const uint64_t pred_esz_masks[4];
+extern const uint64_t pred_esz_masks[5];
/* Helper for the macros below, validating the argument type. */
static inline MemTxAttrs *typecheck_memtxattrs(MemTxAttrs *x)
}
/* For each element size, the bits within a predicate word that are active. */
-const uint64_t pred_esz_masks[4] = {
+const uint64_t pred_esz_masks[5] = {
0xffffffffffffffffull, 0x5555555555555555ull,
- 0x1111111111111111ull, 0x0101010101010101ull
+ 0x1111111111111111ull, 0x0101010101010101ull,
+ 0x0001000100010001ull,
};
static bool trans_INVALID(DisasContext *s, arg_INVALID *a)
projects / qemu.git / commitdiff