From bac11f2cfe7913ef4c37af608454451e27f78eff Mon Sep 17 00:00:00 2001
From: Jan Beulich
Date: Thu, 22 Jul 2021 13:03:16 +0200
Subject: [PATCH] x86-64: properly bounds-check %bnd in OP_G()

The restriction to %bnd0-%bnd3 requires to also check REX.R is clear, just like OP_E_Register() also includes REX.B in its check.
---
 gas/testsuite/gas/i386/x86-64-mpx.d | 2 ++
 gas/testsuite/gas/i386/x86-64-mpx.s | 14 ++++++++++++++
 opcodes/i386-dis.c | 2 +-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/gas/testsuite/gas/i386/x86-64-mpx.d b/gas/testsuite/gas/i386/x86-64-mpx.d
index f3217e07016..2f45af0d6e4 100644
--- a/gas/testsuite/gas/i386/x86-64-mpx.d
+++ b/gas/testsuite/gas/i386/x86-64-mpx.d
@@ -191,5 +191,7 @@ Disassembly of section .text:
 [a-f0-9]+ :
 [ ]*[a-f0-9]+: 0f 1a 30 bndldx \(%rax\),\(bad\)
 [ ]*[a-f0-9]+: 66 0f 1a c4 bndmov \(bad\),%bnd0
+[ ]*[a-f0-9]+: 66 41 0f 1a c0 bndmov \(bad\),%bnd0
+[ ]*[a-f0-9]+: 66 44 0f 1a c0 bndmov %bnd0,\(bad\)
 [ ]*[a-f0-9]+: f3 0f 1b 05 90 90 90 90 bndmk \(bad\),%bnd0
 #pass
diff --git a/gas/testsuite/gas/i386/x86-64-mpx.s b/gas/testsuite/gas/i386/x86-64-mpx.s
index b113590cf76..3594d8e9c88 100644
--- a/gas/testsuite/gas/i386/x86-64-mpx.s
+++ b/gas/testsuite/gas/i386/x86-64-mpx.s
@@ -227,6 +227,20 @@ bad:
 .byte 0x1a
 .byte 0xc4

+ # bndmov with REX.B set
+ .byte 0x66
+ .byte 0x41
+ .byte 0x0f
+ .byte 0x1a
+ .byte 0xc0
+
+ # bndmov with REX.R set
+ .byte 0x66
+ .byte 0x44
+ .byte 0x0f
+ .byte 0x1a
+ .byte 0xc0
+
 # bndmk (bad),%bnd0
 .byte 0xf3
 .byte 0x0f
diff --git a/opcodes/i386-dis.c b/opcodes/i386-dis.c
index e95d2ef9d64..203dcefa360 100644
--- a/opcodes/i386-dis.c
+++ b/opcodes/i386-dis.c
@@ -11966,7 +11966,7 @@ OP_G (int bytemode, int sizeflag)
 oappend (names64[modrm.reg + add]);
 break;
 case bnd_mode:
- if (modrm.reg > 0x3)
+ if (modrm.reg + add > 0x3)
 {
 oappend ("(bad)");
 return;
-- 
2.30.2
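Review bot: The two byte sequences added to x86-64-mpx.s cover REX.B and REX.R separately, both with ModRM 0xc0, so nothing pins the output when both bits are set or when REX.R is combined with a non-zero reg field. One more vector such as `.byte 0x66, 0x45, 0x0f, 0x1a, 0xc0`, with a matching expected line in x86-64-mpx.d, would cover the case where both operand checks reject. The comments `# bndmov with REX.B set` and `# bndmov with REX.R set` could also state the expected disassembly, as the neighbouring `# bndmk (bad),%bnd0` comment does.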
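Review bot: The new `modrm.reg + add > 0x3` test in the `bnd_mode` case has no comment saying why `add` belongs in it, and `0x3` is a bare literal. Going by the commit message, `add` carries the REX.R contribution (its assignment is above the hunk, so this is inferred); a comment such as `/* Only %bnd0-%bnd3 exist; REX.R would select a register past %bnd3.  */` would keep a later cleanup from dropping it. Because the disassembler is routinely run over untrusted object code, it is also worth confirming that the table lookup after this case (below the hunk) uses the same `modrm.reg + add` index that is validated here. The other modes in this switch that add `add` to the index should likewise have name tables sized for it. OP_G's body starts and ends outside the hunk.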