Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PowerPC "mfspr r3, DEC" emulation segmentation fault #1909

Closed
dotCirill opened this issue Dec 5, 2023 · 2 comments
Closed

PowerPC "mfspr r3, DEC" emulation segmentation fault #1909

dotCirill opened this issue Dec 5, 2023 · 2 comments

Comments

@dotCirill
Copy link
Contributor

To get the fault you can change in samples/sample_ppc.c line #define PPC_CODE "\x7F\x46\x1A\x14" to #define PPC_CODE "\x7c\x76\x02\xa6". This code (mfspr r3, 0x16) leads to SegFault.

Tested on master, dev branches. Builded with cmake .. -DUNICORN_ARCH=ppc.

>>> Tracing basic block at 0x10000, block size = 0x4
>>> Tracing instruction at 0x10000, instruction size = 0x4
Segmentation fault (core dumped)

The problem is in cpu_ppc_load_decr function in qemu/hw/ppc/ppc.c. It calles _cpu_ppc_load_decr(env, env->tb_env->decr_next), but tb_env is NULL.

This function can be fixed either by returning just some value or by calling cpu_ppc_tb_init (CPUPPCState *env, uint32_t freq).
@dotCirill
Copy link
Contributor Author

The same issue with #define PPC_CODE "\x7c\x0d\x42\xa6" (mfspr r0,TBUr).

It crashes in _cpu_ppc_load_tbu because tb_env is not initialized.

@wtdcode
Copy link
Member

wtdcode commented Dec 5, 2023

PR is highly welcome because I'm deadline-surfing these days.

@dotCirill dotCirill mentioned this issue Dec 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wtdcode @dotCirill