From 5a6bf8301ad933d038f87f3030b00af1d775d5c9 Mon Sep 17 00:00:00 2001
From: Gabe Black
Date: Wed, 2 Jun 2010 12:58:17 -0500
Subject: ARM: Detect a bad offset field for the VFP Ldm/Stm instructions in the decoder.
---
 src/arch/arm/isa/formats/fp.isa | 33 +++++++++++++++++++--------------
 1 file changed, 19 insertions(+), 14 deletions(-)
(limited to 'src/arch/arm/isa/formats')
diff --git a/src/arch/arm/isa/formats/fp.isa b/src/arch/arm/isa/formats/fp.isa
index 55668e5f6..1bb15fd5b 100644
--- a/src/arch/arm/isa/formats/fp.isa
+++ b/src/arch/arm/isa/formats/fp.isa
@@ -96,20 +96,25 @@ let {{
 }
 break;
 case 0x1:
- switch (bits(opcode, 1, 0)) {
- case 0x0:
- return new VLdmStm(machInst, rn, vd, single,
- true, false, false, offset);
- case 0x1:
- return new VLdmStm(machInst, rn, vd, single,
- true, false, true, offset);
- case 0x2:
- return new VLdmStm(machInst, rn, vd, single,
- true, true, false, offset);
- case 0x3:
- // If rn == sp, then this is called vpop.
- return new VLdmStm(machInst, rn, vd, single,
- true, true, true, offset);
+ {
+ if (offset == 0 || vd + offset > NumFloatArchRegs) {
+ break;
+ }
+ switch (bits(opcode, 1, 0)) {
+ case 0x0:
+ return new VLdmStm(machInst, rn, vd, single,
+ true, false, false, offset);
+ case 0x1:
+ return new VLdmStm(machInst, rn, vd, single,
+ true, false, true, offset);
+ case 0x2:
+ return new VLdmStm(machInst, rn, vd, single,
+ true, true, false, offset);
+ case 0x3:
+ // If rn == sp, then this is called vpop.
+ return new VLdmStm(machInst, rn, vd, single,
+ true, true, true, offset);
+ }
+ }
 }
 case 0x2:
 if (bits(opcode, 1, 0) == 0x2) {
-- cgit v1.2.3
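Review bot: The new register-list check protects only the `case 0x1:` arm, while the `case 0x2:` arm that begins on the hunk's last lines has its body outside the hunk, so it cannot be confirmed here that it rejects the same bad `offset`. If that arm also constructs a `VLdmStm` from `vd` and `offset`, a guest encoding with an empty or over-long register list could still reach the load/store-multiple expansion through it; applying the same test there, `if (offset == 0 || vd + offset > NumFloatArchRegs) break;`, would keep the two paths consistent. The comparison also assumes `vd` and `offset` are counted in the same units for both the single and double forms, which depends on how they are computed above the hunk and is worth stating in a comment. The bare `break` would read better with a note such as `// Bad register list: leave the switch so the encoding is not decoded as VLdmStm.`, and the closing `}` of the new block runs into `case 0x2:` with no `break`, which is safe only because all four inner cases return.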