dyncom: Read-after-write in SMLA

In the case when RD === RN, RD was updated before AddOverflow was called to check for an overflow, resulting in an incorrect state of the Q flag.
author: MerryMage 2016-08-22 15:06:35 +0100
committer: MerryMage 2016-08-22 15:13:33 +0100
commit: 15b2eec4bdeadb6287a45c8d6fc77260280b45c8 (patch)
tree: a591c269b37df61ba81873e72ea45bccd8bc8d37 /src
parent: citra: Default to HW renderer. (diff)
download: yuzu-15b2eec4bdeadb6287a45c8d6fc77260280b45c8.tar.gz
yuzu-15b2eec4bdeadb6287a45c8d6fc77260280b45c8.tar.xz
yuzu-15b2eec4bdeadb6287a45c8d6fc77260280b45c8.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/core/arm/dyncom/arm_dyncom_interpreter.cpp b/src/core/arm/dyncom/arm_dyncom_interpreter.cpp
index 6d5fb7aec..c8d45c6db 100644
--- a/src/core/arm/dyncom/arm_dyncom_interpreter.cpp
+++ b/src/core/arm/dyncom/arm_dyncom_interpreter.cpp
@@ -2820,10 +2820,12 @@ unsigned InterpreterMainLoop(ARMul_State* cpu) {
                operand2 = (BIT(RS, 15)) ? (BITS(RS, 0, 15) | 0xffff0000) : BITS(RS, 0, 15);
            else
                operand2 = (BIT(RS, 31)) ? (BITS(RS, 16, 31) | 0xffff0000) : BITS(RS, 16, 31);
-            RD = operand1 * operand2 + RN;
-            if (AddOverflow(operand1 * operand2, RN, RD))
+            u32 product = operand1 * operand2;
+            u32 result = product + RN;
+            if (AddOverflow(product, RN, result))
                cpu->Cpsr |= (1 << 27);
+            RD = result;
        }
        cpu->Reg[15] += cpu->GetInstructionSize();
        INC_PC(sizeof(smla_inst));
author	MerryMage	2016-08-22 15:06:35 +0100
committer	MerryMage	2016-08-22 15:13:33 +0100
commit	15b2eec4bdeadb6287a45c8d6fc77260280b45c8 (patch)
tree	a591c269b37df61ba81873e72ea45bccd8bc8d37 /src
parent	citra: Default to HW renderer. (diff)
download	yuzu-15b2eec4bdeadb6287a45c8d6fc77260280b45c8.tar.gz yuzu-15b2eec4bdeadb6287a45c8d6fc77260280b45c8.tar.xz yuzu-15b2eec4bdeadb6287a45c8d6fc77260280b45c8.zip