From 639824853405fb8d4a6f4be4c0301bf84f4b5785 Mon Sep 17 00:00:00 2001
From: Chen Huitao <h980501427@163.com>
Date: Fri, 17 Jan 2020 17:23:39 +0800
Subject: [PATCH] fix some oss-fuzz (#1191)

* fix oss-fuzz 10419.

* fix oss-fuzz 10427.

* fix oss-fuzz 10421.

* fix oss-fuzz 10422.

* fix oss-fuzz 10425.

* fix oss-fuzz 10426.

* fix oss-fuzz 10426.

* fix oss-fuzz 10422.

* fix oss-fuzz  10426.

* fix oss-fuzz 10456.

* fix oss-fuzz 10428.

* fix oss-fuzz 10429.

* fix oss-fuzz 10431.

* fix oss-fuzz 10435.

* fix oss-fuzz 10430.

* fix oss-fuzz 10436.

* remove unused var.

* fix oss-fuzz 10449.

* fix oss-fuzz 10452.

* fix oss-fuzz 11792.

* fix oss-fuzz 10457.

* fix oss-fuzz 11737.

* fix oss-fuzz 10458.

* fix oss-fuzz 10565.

* fix oss-fuzz 11651.

* fix oss-fuzz 10497.

* fix oss-fuzz 10515.

* fix oss-fuzz 10586.

* fix oss-fuzz 10597.

* fiz oss-fuzz 11721.

* fix oss-fuzz 10718.

* fix oss-fuzz 15610.

* fix oss-fuzz 10512.

* fix oss-fuzz 10545.

* fix oss-fuzz 10598.

* fix oss-fuzz 11112.

* fix oss-fuzz 11589.

* fix oss-fuzz 10674.

* git fix oss-fuzz 19610.

* fix oss-fuzz 19848.

* fix oss-fuzz 19851.

* fix oss-fuzz 19852.

* fix oss-fuzz 10878.

* fix oss-fuzz 11655.

* fix oss-fuzz 19849.

* fix oss-fuzz 11765.

* fix oss-fuzz 10337.

* fix oss-fuzz 10575.

* fix oss-fuzz 19877.

* fix oss-fuzz 19895.

* fix oss-fuzz 19896.

* fix oss-fuzz 19897.

* remove verbose fprintf output.

* fix oss-fuzz 19943.

* fix oss-fuzz 20026.

* fix oss-fuzz 20027.

* fix oss-fuzz 19967.

* fix oss-fuzz 19946.

* fix oss-fuzz 20069.

* fix oss-fuzz 20071.

* fix oss-fuzz 20073.

* fix oss-fuzz 20075.

* fix oss-fuzz 20076.

* fix a operation mistake.

* fix oss-fuzz 20101.

* fix oss-fuzz 20152.

* fix oss-fuzz 20101.

* fix oss-fuzz 20154.
---
 qemu/fpu/softfloat.c         | 10 +++++-----
 qemu/target-i386/ops_sse.h   |  2 +-
 qemu/target-mips/translate.c | 10 +++++-----
 qemu/target-sparc/helper.c   |  2 +-
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/qemu/fpu/softfloat.c b/qemu/fpu/softfloat.c
index 2792012b..c9b1785b 100644
--- a/qemu/fpu/softfloat.c
+++ b/qemu/fpu/softfloat.c
@@ -1220,7 +1220,7 @@ float64 int32_to_float64(int32_t a STATUS_PARAM)
 
     if ( a == 0 ) return float64_zero;
     zSign = ( a < 0 );
-    absA = (zSign & (a != 0x80000000)) ? - a : a;
+    absA = (zSign && (a != 0x80000000)) ? - a : a;
     shiftCount = countLeadingZeros32( absA ) + 21;
     zSig = absA;
     return packFloat64( zSign, 0x432 - shiftCount, zSig<<shiftCount );
@@ -1265,7 +1265,7 @@ float128 int32_to_float128(int32_t a STATUS_PARAM)
 
     if ( a == 0 ) return packFloat128( 0, 0, 0, 0 );
     zSign = ( a < 0 );
-    absA = zSign ? - a : a;
+    absA = (zSign && a!= 0x80000000) ? - a : a;
     shiftCount = countLeadingZeros32( absA ) + 17;
     zSig0 = absA;
     return packFloat128( zSign, 0x402E - shiftCount, zSig0<<shiftCount, 0 );
@@ -1286,7 +1286,7 @@ float32 int64_to_float32(int64_t a STATUS_PARAM)
 
     if ( a == 0 ) return float32_zero;
     zSign = ( a < 0 );
-    absA = zSign ? - a : a;
+    absA = (zSign && a != 0x8000000000000000ULL) ? - a : a;
     shiftCount = countLeadingZeros64( absA ) - 40;
     if ( 0 <= shiftCount ) {
         return packFloat32( zSign, 0x95 - shiftCount, (uint32_t)(absA<<shiftCount) );
@@ -1373,7 +1373,7 @@ floatx80 int64_to_floatx80(int64_t a STATUS_PARAM)
 
     if ( a == 0 ) return packFloatx80( 0, 0, 0 );
     zSign = ( a < 0 );
-    absA = zSign ? - a : a;
+    absA = (zSign && a != 0x8000000000000000ULL) ? - a : a;
     shiftCount = countLeadingZeros64( absA );
     return packFloatx80( zSign, 0x403E - shiftCount, absA<<shiftCount );
 
@@ -1395,7 +1395,7 @@ float128 int64_to_float128(int64_t a STATUS_PARAM)
 
     if ( a == 0 ) return packFloat128( 0, 0, 0, 0 );
     zSign = ( a < 0 );
-    absA = zSign ? - a : a;
+    absA = (zSign && a!= 0x8000000000000000ULL) ? - a : a;
     shiftCount = countLeadingZeros64( absA ) + 49;
     zExp = 0x406E - shiftCount;
     if ( 64 <= shiftCount ) {
diff --git a/qemu/target-i386/ops_sse.h b/qemu/target-i386/ops_sse.h
index ec9e7d2a..e5fa7c7f 100644
--- a/qemu/target-i386/ops_sse.h
+++ b/qemu/target-i386/ops_sse.h
@@ -854,7 +854,7 @@ static inline uint64_t helper_extrq(uint64_t src, int shift, int len)
     } else {
         mask = (1ULL << (len & 0x3f)) - 1;
     }
-    return (src >> shift) & mask;
+    return (src >> (shift & 0x3f)) & mask;
 }
 
 void helper_extrq_r(CPUX86State *env, XMMReg *d, XMMReg *s)
diff --git a/qemu/target-mips/translate.c b/qemu/target-mips/translate.c
index 8f54ca55..93812760 100644
--- a/qemu/target-mips/translate.c
+++ b/qemu/target-mips/translate.c
@@ -8505,7 +8505,7 @@ static void gen_movci (DisasContext *ctx, int rd, int rs, int cc, int tf)
 
     l1 = gen_new_label(tcg_ctx);
     t0 = tcg_temp_new_i32(tcg_ctx);
-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << (get_fp_bit(cc) & 0x1f));
     tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
     tcg_temp_free_i32(tcg_ctx, t0);
     if (rs == 0) {
@@ -8528,7 +8528,7 @@ static inline void gen_movcf_s (DisasContext *ctx, int fs, int fd, int cc, int t
     else
         cond = TCG_COND_NE;
 
-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << (get_fp_bit(cc) & 0x1f));
     tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
     gen_load_fpr32(ctx, t0, fs);
     gen_store_fpr32(ctx, t0, fd);
@@ -8549,7 +8549,7 @@ static inline void gen_movcf_d (DisasContext *ctx, int fs, int fd, int cc, int t
     else
         cond = TCG_COND_NE;
 
-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << (get_fp_bit(cc) & 0x1f));
     tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
     tcg_temp_free_i32(tcg_ctx, t0);
     fp0 = tcg_temp_new_i64(tcg_ctx);
@@ -8573,13 +8573,13 @@ static inline void gen_movcf_ps(DisasContext *ctx, int fs, int fd,
     else
         cond = TCG_COND_NE;
 
-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << (get_fp_bit(cc) & 0x1f));
     tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l1);
     gen_load_fpr32(ctx, t0, fs);
     gen_store_fpr32(ctx, t0, fd);
     gen_set_label(tcg_ctx, l1);
 
-    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << get_fp_bit(cc+1));
+    tcg_gen_andi_i32(tcg_ctx, t0, tcg_ctx->fpu_fcr31, 1U << (get_fp_bit(cc+1) & 0x1f));
     tcg_gen_brcondi_i32(tcg_ctx, cond, t0, 0, l2);
     gen_load_fpr32h(ctx, t0, fs);
     gen_store_fpr32h(ctx, t0, fd);
diff --git a/qemu/target-sparc/helper.c b/qemu/target-sparc/helper.c
index 8f60d0ae..e4ae5d40 100644
--- a/qemu/target-sparc/helper.c
+++ b/qemu/target-sparc/helper.c
@@ -116,7 +116,7 @@ static target_ulong helper_sdiv_common(CPUSPARCState *env, target_ulong a,
     int64_t x0;
     int32_t x1;
 
-    x0 = (a & 0xffffffff) | ((int64_t) (env->y) << 32);
+    x0 = (a & 0xffffffff) | ((uint64_t) (env->y) << 32);
     x1 = (b & 0xffffffff);
 
     if (x1 == 0) {