Index: target-sparc/op.c
===================================================================
RCS file: /sources/qemu/qemu/target-sparc/op.c,v
retrieving revision 1.35
diff -u -r1.35 op.c
--- target-sparc/op.c	11 Jul 2007 16:43:30 -0000	1.35
+++ target-sparc/op.c	10 Oct 2007 16:26:34 -0000
@@ -531,7 +531,7 @@
 	 ((src1 & 0xffffffff) ^ (T0 & 0xffffffff))) & (1 << 31))
         raise_exception(TT_TOVF);
 #else
-    if ((src1 & 0x03) || (T1 & 0x03))
+    if (((src1 ^ T1 ^ -1) & (src1 ^ T0)) & (1 << 31))
         raise_exception(TT_TOVF);
 #endif
 
Index: target-sparc/translate.c
===================================================================
RCS file: /sources/qemu/qemu/target-sparc/translate.c,v
retrieving revision 1.65
diff -u -r1.65 translate.c
--- target-sparc/translate.c	11 Jul 2007 16:43:30 -0000	1.65
+++ target-sparc/translate.c	10 Oct 2007 16:26:36 -0000
@@ -1928,10 +1928,12 @@
 		        gen_movl_T0_reg(rd);
 			break;
 		    case 0x22: /* taddcctv */
+                        save_state(dc);
 			gen_op_tadd_T1_T0_ccTV();
 		        gen_movl_T0_reg(rd);
 			break;
 		    case 0x23: /* tsubcctv */
+                        save_state(dc);
 			gen_op_tsub_T1_T0_ccTV();
 		        gen_movl_T0_reg(rd);
 			break;