diff --git a/qemu/target-arm/translate.c b/qemu/target-arm/translate.c
index 8a653ead..94b0665d 100644
--- a/qemu/target-arm/translate.c
+++ b/qemu/target-arm/translate.c
@@ -8910,6 +8910,10 @@ static void disas_arm_insn(DisasContext *s, unsigned int insn) // qq
 ARCH(6T2);
 shift = (insn >> 7) & 0x1f;
 i = (insn >> 16) & 0x1f;
+ if (i < shift) {
+ /* UNPREDICTABLE; we choose to UNDEF */
+ goto illegal_op;
+ }
 i = i + 1 - shift;
 if (rm == 15) {
 tmp = tcg_temp_new_i32(tcg_ctx);
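Review bot: The comment on the added guard says only that the encoding is UNPREDICTABLE, not what goes wrong without it: `shift` and `i` both come straight from the guest-supplied `insn` word, and with `i < shift` the width computed on the very next line, `i = i + 1 - shift`, becomes zero or negative before it is handed to the rest of the decoder. Since the body of disas_arm_insn continues past the hunk, a reader cannot see how that width is consumed (it presumably ends up in a shift or mask, where a non-positive count is undefined behavior in C), so the rationale should be recorded where the check lives. Suggest `/* msb < lsb is UNPREDICTABLE, and would make the field width (i + 1 - shift) non-positive; UNDEF instead of feeding a bogus width downstream */`. The masks `& 0x1f` on both operands mean the comparison itself is well-defined regardless of their signedness, so no further change to the check is needed.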