From: Fabiano Rosas <farosas@linux.ibm.com>
Date: Tue, 4 Jan 2022 06:55:34 +0000 (+0100)
Subject: target/ppc: powerpc_excp: Add excp_vectors bounds check
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=2541e686589a86167cbee98162d3fde2bbf67bc2;p=qmiga%2Fqemu.git

target/ppc: powerpc_excp: Add excp_vectors bounds check

The next patch will start accessing the excp_vectors array earlier in
the function, so add a bounds check as first thing here.

This converts the empty return on POWERPC_EXCP_NONE to an error. This
exception number never reaches this function and if it does it
probably means something else went wrong up the line.

Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20211229165751.3774248-3-farosas@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
---

diff --git a/target/ppc/excp_helper.c b/target/ppc/excp_helper.c
index c7efbdc305..9e7c428821 100644
--- a/target/ppc/excp_helper.c
+++ b/target/ppc/excp_helper.c
@@ -372,6 +372,10 @@ static void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp)
     target_ulong msr, new_msr, vector;
     int srr0, srr1, lev = -1;
 
+    if (excp <= POWERPC_EXCP_NONE || excp >= POWERPC_EXCP_NB) {
+        cpu_abort(cs, "Invalid PowerPC exception %d. Aborting\n", excp);
+    }
+
     qemu_log_mask(CPU_LOG_INT, "Raise exception at " TARGET_FMT_lx
                   " => %s (%d) error=%02x\n", env->nip, powerpc_excp_name(excp),
                   excp, env->error_code);
@@ -426,9 +430,6 @@ static void powerpc_excp(PowerPCCPU *cpu, int excp_model, int excp)
 #endif
 
     switch (excp) {
-    case POWERPC_EXCP_NONE:
-        /* Should never happen */
-        return;
     case POWERPC_EXCP_CRITICAL:    /* Critical input                         */
         switch (excp_model) {
         case POWERPC_EXCP_40x: