From cb879422e9bc8edb185eaeed485099ba5d70463f Mon Sep 17 00:00:00 2001
From: Peter Maydell
Date: Fri, 15 Jun 2018 12:18:38 -0400
Subject: [PATCH] exec.c: Don't accidentally sign-extend 4-byte loads in subpage_read()

In subpage_read() we perform a load of the data into a local buffer which we then access using ldub_p(), lduw_p(), ldl_p() or ldq_p() depending on its size, storing the result into the uint64_t *data. Since ldl_p() returns an 'int', this means that for the 4-byte case we will sign-extend the data, whereas for 1 and 2 byte reads we zero-extend it.

This ought not to matter since the caller will likely ignore values in the high bytes of the data, but add a cast so that we're consistent.

Backports commit 22672c6075a16d1998e37686f02ed4bd2fb30f78 from qemu
---
 qemu/exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/qemu/exec.c b/qemu/exec.c
index 5c490044..f5c1a9a1 100644
--- a/qemu/exec.c
+++ b/qemu/exec.c
@@ -1636,7 +1636,7 @@ static MemTxResult subpage_read(struct uc_struct* uc, void *opaque, hwaddr addr,
 *data = lduw_p(buf);
 return MEMTX_OK;
 case 4:
- *data = ldl_p(buf);
+ *data = (uint32_t)ldl_p(buf);
 return MEMTX_OK;
 case 8:
 *data = ldq_p(buf);
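Review bot: The new cast on the `case 4:` line has no comment explaining why it is there, and because it looks redundant next to the other cases a later cleanup could easily drop it; I would add `/* ldl_p() returns int: cast so the value is zero-extended into the 64-bit *data, like the 1- and 2-byte cases */` directly above it. Without the cast, a loaded value with bit 31 set fills the upper 32 bits of `*data` with ones, which stays harmless only if every caller masks the result to the access size, and that cannot be confirmed from this hunk. The switch and the rest of subpage_read() start and end outside the hunk, so how other sizes are handled is not visible here.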