authorMerryMage <MerryMage@users.noreply.github.com>2016-08-22 15:06:35 +0100
committerMerryMage <MerryMage@users.noreply.github.com>2016-08-22 15:13:33 +0100
commit15b2eec4bdeadb6287a45c8d6fc77260280b45c8 (patch)
treea591c269b37df61ba81873e72ea45bccd8bc8d37 /src
parent7b4dcacbb2006de6483e982b21956a8f3098aa1d (diff)
dyncom: Read-after-write in SMLA
When RD and RN are the same register, RD was updated before AddOverflow was called to check for an overflow, resulting in an incorrect state of the Q flag.
Diffstat (limited to 'src')
-rw-r--r--src/core/arm/dyncom/arm_dyncom_interpreter.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/core/arm/dyncom/arm_dyncom_interpreter.cpp b/src/core/arm/dyncom/arm_dyncom_interpreter.cpp
index 6d5fb7aec..c8d45c6db 100644
--- a/src/core/arm/dyncom/arm_dyncom_interpreter.cpp
+++ b/src/core/arm/dyncom/arm_dyncom_interpreter.cpp
@@ -2820,10 +2820,12 @@ unsigned InterpreterMainLoop(ARMul_State* cpu) {
operand2 = (BIT(RS, 15)) ? (BITS(RS, 0, 15) | 0xffff0000) : BITS(RS, 0, 15);
else
operand2 = (BIT(RS, 31)) ? (BITS(RS, 16, 31) | 0xffff0000) : BITS(RS, 16, 31);
- RD = operand1 * operand2 + RN;
- if (AddOverflow(operand1 * operand2, RN, RD))
+ u32 product = operand1 * operand2;
+ u32 result = product + RN;
+ if (AddOverflow(product, RN, result))
cpu->Cpsr |= (1 << 27);
+ RD = result;
}
cpu->Reg[15] += cpu->GetInstructionSize();
INC_PC(sizeof(smla_inst));
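Review bot: Nothing in the new code records why `RD = result;` has to come after the `AddOverflow` call, so a later clean-up could fold the write back into the sum and reintroduce the stale read of RN when RD and RN name the same register. A one-line comment above `u32 product` would pin the ordering: `// RD may alias RN: compute into locals and write RD only after the Q-flag check.` The unchanged `cpu->Cpsr |= (1 << 27);` would also read better with a `// set Q (sticky overflow) flag` comment, or a named constant if the file already defines one. The declarations of operand1 and operand2 and the start of this handler lie outside the hunk, so the signedness of the multiply feeding `product` cannot be confirmed from here.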