From 7e46c95c04145766cf6ced2174e98695eedcfc78 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <campbell@mumble.net>
Date: Fri, 1 Feb 2019 05:30:38 +0000
Subject: [PATCH] Validate signed-26 PC-relative offset in B instruction.

---
 src/compiler/machines/aarch64/instr1.scm | 2 +-
 src/compiler/machines/aarch64/insutl.scm | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/compiler/machines/aarch64/instr1.scm b/src/compiler/machines/aarch64/instr1.scm
index 995d86cde..791c65c79 100644
--- a/src/compiler/machines/aarch64/instr1.scm
+++ b/src/compiler/machines/aarch64/instr1.scm
@@ -197,7 +197,7 @@ USA.
 ;; Branch unconditional to PC-relative.
 
 (define-instruction B
-  (((@PCO (* 4 (? offset))))
+  (((@PCO (* 4 (? offset signed-26))))
    (BITS (1 0)                          ;no link
          (5 #b00101)
          (26 offset SIGNED)))
diff --git a/src/compiler/machines/aarch64/insutl.scm b/src/compiler/machines/aarch64/insutl.scm
index f1c37b53b..ad91370b9 100644
--- a/src/compiler/machines/aarch64/insutl.scm
+++ b/src/compiler/machines/aarch64/insutl.scm
@@ -48,6 +48,11 @@ USA.
        (<= #x-100000 x #xfffff)
        x))
 
+(define (signed-26 x)
+  (and (exact-integer? x)
+       (<= #x-04000000 x #x03ffffff)
+       x))
+
 (define (signed-33 x)
   (and (exact-integer? x)
        (<= #x-100000000 x #xffffffff)
-- 
2.25.1