x86-64: properly bounds-check %bnd<N> in OP_G()

The restriction to %bnd0-%bnd3 requires to also check REX.R is clear,
just like OP_E_Register() also includes REX.B in its check.

diff --git a/gas/testsuite/gas/i386/x86-64-mpx.d b/gas/testsuite/gas/i386/x86-64-mpx.d
index f3217e07016e458580ddc1c70fe1aeafa5da708d..2f45af0d6e4ceee3b2166678c261aef7ba20a2c8 100644 (file)
--- a/gas/testsuite/gas/i386/x86-64-mpx.d
+++ b/gas/testsuite/gas/i386/x86-64-mpx.d
@@ -191,5 +191,7 @@ Disassembly of section .text:
 [a-f0-9]+ <bad>:
 [      ]*[a-f0-9]+:    0f 1a 30                bndldx \(%rax\),\(bad\)
 [      ]*[a-f0-9]+:    66 0f 1a c4             bndmov \(bad\),%bnd0
+[      ]*[a-f0-9]+:    66 41 0f 1a c0          bndmov \(bad\),%bnd0
+[      ]*[a-f0-9]+:    66 44 0f 1a c0          bndmov %bnd0,\(bad\)
 [      ]*[a-f0-9]+:    f3 0f 1b 05 90 90 90 90         bndmk  \(bad\),%bnd0
 #pass

diff --git a/gas/testsuite/gas/i386/x86-64-mpx.s b/gas/testsuite/gas/i386/x86-64-mpx.s
index b113590cf7619b1b5506874dc6cda17eab674f91..3594d8e9c886ea0369085dfa7ea3e7f7b0e44b4d 100644 (file)
--- a/gas/testsuite/gas/i386/x86-64-mpx.s
+++ b/gas/testsuite/gas/i386/x86-64-mpx.s
@@ -227,6 +227,20 @@ bad:
        .byte 0x1a
        .byte 0xc4
 
+       # bndmov with REX.B set
+       .byte 0x66
+       .byte 0x41
+       .byte 0x0f
+       .byte 0x1a
+       .byte 0xc0
+
+       # bndmov with REX.R set
+       .byte 0x66
+       .byte 0x44
+       .byte 0x0f
+       .byte 0x1a
+       .byte 0xc0
+
        # bndmk (bad),%bnd0
        .byte 0xf3
        .byte 0x0f

diff --git a/opcodes/i386-dis.c b/opcodes/i386-dis.c
index e95d2ef9d642be595dc1ce8b2a1fa3802af25c48..203dcefa3602a16fae58fff8bb9d6419149a46aa 100644 (file)
--- a/opcodes/i386-dis.c
+++ b/opcodes/i386-dis.c
@@ -11966,7 +11966,7 @@ OP_G (int bytemode, int sizeflag)
       oappend (names64[modrm.reg + add]);
       break;
     case bnd_mode:
-      if (modrm.reg > 0x3)
+      if (modrm.reg + add > 0x3)
        {
          oappend ("(bad)");
          return;