From 7a8dd9532da2341268bad39d330a038d4952ca9b Mon Sep 17 00:00:00 2001 From: MerryMage Date: Mon, 22 Aug 2016 15:21:36 +0100 Subject: [PATCH] skyeye: Read-after-write in SMLA In the case when RD === RN, RD was updated before AddOverflow was called to check for an overflow, resulting in an incorrect state of the Q flag. This is reapplying a patch from f12578b9ab21843b33a78ed6082b08f379230f45 that was lost during the 20e253ece2f2c110a28245f252ce184863432c88 update --- tests/skyeye_interpreter/dyncom/arm_dyncom_interpreter.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/skyeye_interpreter/dyncom/arm_dyncom_interpreter.cpp b/tests/skyeye_interpreter/dyncom/arm_dyncom_interpreter.cpp index 0cd3ec93..3f4320d3 100644 --- a/tests/skyeye_interpreter/dyncom/arm_dyncom_interpreter.cpp +++ b/tests/skyeye_interpreter/dyncom/arm_dyncom_interpreter.cpp @@ -2794,10 +2794,12 @@ unsigned InterpreterMainLoop(ARMul_State* cpu) { operand2 = (BIT(RS, 15)) ? (BITS(RS, 0, 15) | 0xffff0000) : BITS(RS, 0, 15); else operand2 = (BIT(RS, 31)) ? (BITS(RS, 16, 31) | 0xffff0000) : BITS(RS, 16, 31); - RD = operand1 * operand2 + RN; - if (AddOverflow(operand1 * operand2, RN, RD)) + u32 product = operand1 * operand2; + u32 result = product + RN; + if (AddOverflow(product, RN, result)) cpu->Cpsr |= (1 << 27); + RD = result; } cpu->Reg[15] += cpu->GetInstructionSize(); INC_PC(sizeof(smla_inst));