[04/12] x86-64: properly bounds-check %bnd<N> in OP_G()

Message ID 5551a278-b4ec-7cf9-9776-7c0a6bba18c6@suse.com
State New
Series
  • x86: disassembler fixes and some consolidation

Commit Message

Luis Machado via Binutils July 21, 2021, 10:19 a.m.
The restriction to %bnd0-%bnd3 also requires checking that REX.R is clear,
just as OP_E_Register() includes REX.B in its check.

Patch

--- a/gas/testsuite/gas/i386/x86-64-mpx.d
+++ b/gas/testsuite/gas/i386/x86-64-mpx.d
@@ -191,5 +191,7 @@  Disassembly of section .text:
 [a-f0-9]+ <bad>:
 [ 	]*[a-f0-9]+:	0f 1a 30             	bndldx \(%rax\),\(bad\)
 [ 	]*[a-f0-9]+:	66 0f 1a c4          	bndmov \(bad\),%bnd0
+[ 	]*[a-f0-9]+:	66 41 0f 1a c0       	bndmov \(bad\),%bnd0
+[ 	]*[a-f0-9]+:	66 44 0f 1a c0       	bndmov %bnd0,\(bad\)
 [ 	]*[a-f0-9]+:	f3 0f 1b 05 90 90 90 90 	bndmk  \(bad\),%bnd0
 #pass
--- a/gas/testsuite/gas/i386/x86-64-mpx.s
+++ b/gas/testsuite/gas/i386/x86-64-mpx.s
@@ -227,6 +227,20 @@  bad:
 	.byte 0x1a
 	.byte 0xc4
 
+	# bndmov with REX.B set
+	.byte 0x66
+	.byte 0x41
+	.byte 0x0f
+	.byte 0x1a
+	.byte 0xc0
+
+	# bndmov with REX.R set
+	.byte 0x66
+	.byte 0x44
+	.byte 0x0f
+	.byte 0x1a
+	.byte 0xc0
+
 	# bndmk (bad),%bnd0
 	.byte 0xf3
 	.byte 0x0f
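Review bot: The two new comments (`# bndmov with REX.B set`, `# bndmov with REX.R set`) name the prefix bit but not the expected decoding, unlike the neighbouring `# bndmk (bad),%bnd0`. Writing them as `# bndmov (bad),%bnd0 (REX.B set)` and `# bndmov %bnd0,(bad) (REX.R set)` would let a reader match the source against the .d expectations directly. Both cases use opcode 0f 1a only; if the 0f 1b form of bndmov reaches the same OP_G() check, a REX.R case for it would pin the fix in both directions. The `bad:` block continues outside the hunk on both sides.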
--- a/opcodes/i386-dis.c
+++ b/opcodes/i386-dis.c
@@ -11966,7 +11966,7 @@  OP_G (int bytemode, int sizeflag)
       oappend (names64[modrm.reg + add]);
       break;
     case bnd_mode:
-      if (modrm.reg > 0x3)
+      if (modrm.reg + add > 0x3)
 	{
 	  oappend ("(bad)");
 	  return;
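Review bot: The new condition `modrm.reg + add > 0x3` relies on `add`, which is set outside this hunk (presumably from REX.R, going by the commit message), so the `bnd_mode` case would benefit from a comment such as `/* Only %bnd0-%bnd3 exist; add is non-zero when REX.R is set, which makes the encoding invalid.  */`. The register-name lookup that follows the `(bad)` return is also outside the hunk; it is worth confirming that it indexes with a value this check has bounded, since the disassembler is routinely run on untrusted bytes and this test is the only visible guard on that table index. OP_G() starts and ends outside the hunk.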