
Decoder fails to decode some weird instructions #133

Closed
0xd4d opened this issue Feb 6, 2020 · 4 comments
Labels
A-decoder Area: Decoder C-bug Category: This is a bug (or a fix for a bug, when applied to PRs) P-medium Priority: Medium

Comments

@0xd4d

0xd4d commented Feb 6, 2020

Version: latest master = 4d4fe4c


Can't decode these instructions. REX.X bit should be ignored.

  • 66420F1ACA = bndmov = unused REX.X bit is set
  • 66420F1BCA = bndmov = unused REX.X bit is set

Can't decode these instructions. Rounding control should be ignored.

Intel SDM: EVEX.W0 version: attempt to encode this instruction with EVEX embedded rounding is ignored.

  • 62E10F182AD3 = vcvtsi2sd gpr32 with ignored rc bits
  • 62E10F187BD3 = vcvtusi2sd gpr32 with ignored rc bits

These decode without errors in minimal mode because ZydisDecodeOperands() isn't called:

  • 0F1A0D34125AA5
  • 0F1B0D34125AA5
@athre0z athre0z added A-decoder Area: Decoder C-bug Category: This is a bug (or a fix for a bug, when applied to PRs) P-medium Priority: Medium labels Feb 6, 2020
@flobernd
Member

flobernd commented Feb 7, 2020

Hi there,

first of all thanks for reporting these issues. Correctness is very important for us.

Can't decode these instructions. REX.X bit should be ignored

You are correct I guess. Not entirely sure why I put a check to actively prevent REX.X for BND registers. The .X component is only used to extend RM encoded registers for EVEX/MVEX anyways and should not affect BND.

Fixed in: d7ba09a

Can't decode these instructions. Rounding control should be ignored.

You are correct here as well. I had a constraint requiring all E10NF exception-class instructions to have EVEX.B set to 0 in the instruction-editor. I removed that condition to allow these two exceptions.

Fixed in: 5f2dde8

These decode without errors in minimal mode because ZydisDecodeOperands() isn't called

Will check this case later today.

@flobernd
Member

flobernd commented Feb 7, 2020

Fixed the last problem as well by adding a new constraint for MIB memory operands to disallow relative addressing.

@0xd4d
Author

0xd4d commented Feb 7, 2020

I think your RIP-rel fix forgot the 64-bit check:

  • 0F1A0D34125AA5: fails to decode in 32-bit mode now

flobernd added a commit that referenced this issue Feb 7, 2020
@flobernd
Member

flobernd commented Feb 7, 2020

I think your RIP-rel fix forgot the 64-bit check

Oh well .. seems like I'm really not concentrated today. Thanks for reporting again. Should be fixed now.
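As an added example (not part of this issue and not Zydis code), a small Python decoder for the 0F 1A / 0F 1B MPX opcodes that applies the two decoder rules settled in this thread: REX.X only extends SIB.index, so it must not reject the bnd register forms, and the MIB operand of bndldx/bndstx rejects RIP-relative addressing, which exists only in 64-bit mode, so 0F1A0D34125AA5 still decodes in 32-bit mode. The function and variable names are my own; the F2/F3-prefixed MPX forms and the EVEX rounding-control case are not covered.

```python
import struct
# Constructed mini-decoder for the MPX opcodes 0F 1A / 0F 1B (not Zydis code).
REX_R, REX_X, REX_B = 0x4, 0x2, 0x1
GPR = {32: "eax ecx edx ebx esp ebp esi edi".split(),
       64: "rax rcx rdx rbx rsp rbp rsi rdi r8 r9 r10 r11 r12 r13 r14 r15".split()}

def mem_operand(data, pos, mod, rm, rex, mode):
    """Memory form of ModRM (+SIB/disp) -> (text, rip_relative, new pos). REX.X only extends SIB.index."""
    parts, disp_size, rip_rel = [], 0, False
    if rm == 4:                                         # SIB byte present
        sib, pos = data[pos], pos + 1
        idx = ((sib >> 3) & 7) | ((rex & REX_X) << 2)
        parts = [] if idx == 4 else ["%s*%d" % (GPR[mode][idx], 1 << (sib >> 6))]
        if (sib & 7) == 5 and mod == 0:
            disp_size = 4                               # no base register, disp32 only
        else:
            parts.insert(0, GPR[mode][(sib & 7) | ((rex & REX_B) << 3)])
    elif rm == 5 and mod == 0:                          # disp32; RIP-relative exists only in 64-bit mode
        disp_size, rip_rel = 4, mode == 64
        parts = ["rip"] if rip_rel else []
    else:
        parts.append(GPR[mode][rm | ((rex & REX_B) << 3)])
    disp_size = {1: 1, 2: 4}.get(mod, disp_size)
    disp = struct.unpack_from({1: "<b", 4: "<i"}[disp_size], data, pos)[0] if disp_size else 0
    text = "+".join(parts)
    if disp or not text:
        text += "%+#x" % disp if text else "%#x" % (disp & 0xFFFFFFFF)
    return text, rip_rel, pos + disp_size

def decode_mpx(hex_bytes, mode):
    data = bytes.fromhex(hex_bytes)
    pos = opsize = int(data[0] == 0x66)                 # 66 prefix selects bndmov
    has_rex = mode == 64 and 0x40 <= data[pos] <= 0x4F  # 4x bytes are inc/dec in 32-bit mode
    rex, pos = (data[pos] & 0xF, pos + 1) if has_rex else (0, pos)
    if data[pos:pos + 2] not in (b"\x0f\x1a", b"\x0f\x1b"):
        raise ValueError("not a 0F 1A/1B opcode (F2/F3 forms not covered here)")
    store, modrm, pos = data[pos + 1] == 0x1B, data[pos + 2], pos + 3
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    # bnd4-bnd15 do not exist (REX.R/REX.B on a register r/m is #UD); REX.X touches neither field
    if rex & REX_R or (mod == 3 and rex & REX_B):
        raise ValueError("REX.R/REX.B would select bnd4-bnd15")
    bnd, mnem = "bnd%d" % reg, "bndmov" if opsize else ("bndstx" if store else "bndldx")
    if mod == 3:                                        # bnd, bnd form exists only for bndmov
        if not opsize:
            raise ValueError("bndldx/bndstx need a memory (MIB) operand")
        return "%s %s, %s" % ((mnem, "bnd%d" % rm, bnd) if store else (mnem, bnd, "bnd%d" % rm))
    text, rip_rel, pos = mem_operand(data, pos, mod, rm, rex, mode)
    if not opsize and rip_rel:                          # the MIB rule from this thread, mode-aware
        raise ValueError("MIB operand cannot use RIP-relative addressing")
    return "%s %s, %s" % ((mnem, "[%s]" % text, bnd) if store else (mnem, bnd, "[%s]" % text))
```

Running decode_mpx on the byte strings from the issue shows the REX.X forms decoding as bndmov, the RIP-relative MIB form rejected in 64-bit mode only, and a constructed 42 0F 1A 0C 08 using REX.X to reach r9 as the index register.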
