tcg/mips: fix crash in tcg_out_qemu_ld()

The address register is overriden when it corresponds to v0 and the fast
path is taken, which leads to a crash. Fix that by using the a0 register
instead.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit cca1af8c4d2ef6449fd61494ba2cb087b838011c)

diff --git a/tcg/mips/tcg-target.c b/tcg/mips/tcg-target.c
index 8fcb5c99c3072525e620b38176e40ff08a95f22d..807b8fdfaeb4ef668da893e1fdbe3374405b64d5 100644 (file)
--- a/tcg/mips/tcg-target.c
+++ b/tcg/mips/tcg-target.c
@@ -731,9 +731,9 @@ static void tcg_out_qemu_ld(TCGContext *s, const TCGArg *args,
     /* label1: fast path */
     reloc_pc16(label1_ptr, (tcg_target_long) s->code_ptr);
 
-    tcg_out_opc_imm(s, OPC_LW, TCG_REG_V0, TCG_REG_A0,
+    tcg_out_opc_imm(s, OPC_LW, TCG_REG_A0, TCG_REG_A0,
                     offsetof(CPUState, tlb_table[mem_index][0].addend) + addr_meml);
-    tcg_out_opc_reg(s, OPC_ADDU, TCG_REG_V0, TCG_REG_V0, addr_regl);
+    tcg_out_opc_reg(s, OPC_ADDU, TCG_REG_V0, TCG_REG_A0, addr_regl);
 
     addr_reg1 = TCG_REG_V0;
 #endif