diff -ruN qemu-0.9.0.orig/target-i386/translate.c qemu-0.9.0/target-i386/translate.c
--- qemu-0.9.0.orig/target-i386/translate.c	2007-04-18 12:06:19.000000000 +0200
+++ qemu-0.9.0/target-i386/translate.c	2007-04-18 12:10:49.000000000 +0200
@@ -4776,21 +4776,8 @@
                 gen_op_fpop();
                 s->cc_op = CC_OP_EFLAGS;
                 break;
-            case 0x10 ... 0x13: /* fcmovxx */
+            case 0x10 ... 0x13:  /* fcmovxx */
             case 0x18 ... 0x1b:
-                {
-                    int op1;
-                    const static uint8_t fcmov_cc[8] = {
-                        (JCC_B << 1),
-                        (JCC_Z << 1),
-                        (JCC_BE << 1),
-                        (JCC_P << 1),
-                    };
-                    op1 = fcmov_cc[op & 3] | ((op >> 3) & 1);
-                    gen_setcc(s, op1);
-                    gen_op_fcmov_ST0_STN_T0(opreg);
-                }
-                break;
             default:
                 goto illegal_op;
             }
@@ -5105,22 +5092,9 @@
         gen_setcc(s, b);
         gen_ldst_modrm(s, modrm, OT_BYTE, OR_TMP0, 1);
         break;
-    case 0x140 ... 0x14f: /* cmov Gv, Ev */
-        ot = dflag + OT_WORD;
-        modrm = ldub_code(s->pc++);
-        reg = ((modrm >> 3) & 7) | rex_r;
-        mod = (modrm >> 6) & 3;
-        gen_setcc(s, b);
-        if (mod != 3) {
-            gen_lea_modrm(s, modrm, &reg_addr, &offset_addr);
-            gen_op_ld_T1_A0[ot + s->mem_index]();
-        } else {
-            rm = (modrm & 7) | REX_B(s);
-            gen_op_mov_TN_reg[ot][1][rm]();
-        }
-        gen_op_cmov_reg_T1_T0[ot - OT_WORD][reg]();
-        break;
-        
+    case 0x140 ... 0x14f:
+	goto illegal_op;
+
         /************************/
         /* flags */
     case 0x9c: /* pushf */