Google Git
Sign in
qemu / qemu / 43d70ddf9f96b3ad037abe4d5f9f2768196b8c92
commit43d70ddf9f96b3ad037abe4d5f9f2768196b8c92[log] [tgz]
authorPaolo Bonzini <pbonzini@redhat.com>Sun Jan 29 12:00:59 2017 +0100
committerPaolo Bonzini <pbonzini@redhat.com>Thu Feb 16 14:06:56 2017 +0100
tree30df0ebeb3cac4120ade0cb8a0bbb152e58d058f
parentd9ff1d35c5242d73e7923ae259e065739090db54 [diff]
cpu-exec: fix icount out-of-bounds access

When icount is active, tb_add_jump is surprisingly called with an
out of bounds basic block index.  I have no idea how that can work,
but it does not seem like a good idea.  Clear *last_tb for all
TB_EXIT_ICOUNT_EXPIRED cases, even when all you have to do is
refill icount_extra.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2 files changed
tree: 30df0ebeb3cac4120ade0cb8a0bbb152e58d058f
  1. audio/
  2. backends/
  3. block/
  4. bsd-user/
  5. chardev/
  6. contrib/
  7. crypto/
  8. default-configs/
  9. disas/
  10. docs/
  11. fpu/
  12. fsdev/
  13. gdb-xml/
  14. hw/
  15. include/
  16. io/
  17. libdecnumber/
  18. linux-headers/
  19. linux-user/
  20. migration/
  21. nbd/
  22. net/
  23. pc-bios/
  24. po/
  25. qapi/
  26. qga/
  27. qobject/
  28. qom/
  29. replay/
  30. roms/
  31. scripts/
  32. slirp/
  33. stubs/
  34. target/
  35. tcg/
  36. tests/
  37. trace/
  38. ui/
  39. util/
  40. dtc
  41. pixman
  42. .dir-locals.el
  43. .exrc
  44. .gitignore
  45. .gitmodules
  46. .mailmap
  47. .travis.yml
  48. accel.c
  49. aio-posix.c
  50. aio-win32.c
  51. arch_init.c
  52. async.c
  53. atomic_template.h
  54. balloon.c
  55. block.c
  56. blockdev-nbd.c
  57. blockdev.c
  58. blockjob.c
  59. bootdevice.c
  60. bt-host.c
  61. bt-vhci.c
  62. Changelog
  63. CODING_STYLE
  64. configure
  65. COPYING
  66. COPYING.LIB
  67. cpu-exec-common.c
  68. cpu-exec.c
  69. cpus-common.c
  70. cpus.c
  71. cputlb.c
  72. device-hotplug.c
  73. device_tree.c
  74. disas.c
  75. dma-helpers.c
  76. dump.c
  77. exec.c
  78. gdbstub.c
  79. HACKING
  80. hax-stub.c
  81. hmp-commands-info.hx
  82. hmp-commands.hx
  83. hmp.c
  84. hmp.h
  85. iohandler.c
  86. ioport.c
  87. iothread.c
  88. kvm-all.c
  89. kvm-stub.c
  90. LICENSE
  91. main-loop.c
  92. MAINTAINERS
  93. Makefile
  94. Makefile.objs
  95. Makefile.target
  96. memory.c
  97. memory_ldst.inc.c
  98. memory_mapping.c
  99. module-common.c
  100. monitor.c
  101. numa.c
  102. os-posix.c
  103. os-win32.c
  104. page_cache.c
  105. qapi-schema.json
  106. qdev-monitor.c
  107. qdict-test-data.txt
  108. qemu-bridge-helper.c
  109. qemu-doc.texi
  110. qemu-ga.texi
  111. qemu-img-cmds.hx
  112. qemu-img.c
  113. qemu-img.texi
  114. qemu-io-cmds.c
  115. qemu-io.c
  116. qemu-nbd.c
  117. qemu-nbd.texi
  118. qemu-option-trace.texi
  119. qemu-options-wrapper.h
  120. qemu-options.h
  121. qemu-options.hx
  122. qemu-seccomp.c
  123. qemu-tech.texi
  124. qemu-timer.c
  125. qemu.nsi
  126. qemu.sasl
  127. qmp.c
  128. qtest.c
  129. README
  130. replication.c
  131. replication.h
  132. rules.mak
  133. softmmu_template.h
  134. spice-qemu-char.c
  135. tcg-runtime.c
  136. tci.c
  137. thread-pool.c
  138. thunk.c
  139. tpm.c
  140. trace-events
  141. translate-all.c
  142. translate-all.h
  143. translate-common.c
  144. user-exec-stub.c
  145. user-exec.c
  146. VERSION
  147. version.rc
  148. vl.c
  149. xen-common-stub.c
  150. xen-common.c
  151. xen-hvm-stub.c
  152. xen-hvm.c
  153. xen-mapcache.c