
[X86] Disassembly Error, over-decode invalid instruction with mutual exclusive prefix #2547

Open

Description

@venkyqz

Work environment

| Questions | Answers |
| --- | --- |
| OS/arch/bits | x86_64 Ubuntu 20.04 |
| Architecture | x86_64 |
| Source of Capstone | git clone, default on next branch. |
| Version/git commit | v6.0.0, d7be5f9 |

Instruction bytes giving faulty results

0xf0,0xf2,0x41,0x0f,0xb7,0xd6

Expected results

It should be:

ERROR: invalid assembly code

Steps to get the wrong result

With cstool:

$ ./cstool -d x64 "0xf0,0xf2,0x41,0x0f,0xb7,0xd6"
 0  f0 f2 41 0f b7 d6                                movzx      edx, r14w
        ID: 496 (movzx)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x0f 0xb7 0x00 0x00 
        rex: 0x41
        addr_size: 8
        modrm: 0xd6
        disp: 0x0
        sib: 0x0
        op_count: 2
                operands[0].type: REG = edx
                operands[0].size: 4
                operands[0].access: WRITE
                operands[1].type: REG = r14w
                operands[1].size: 2
                operands[1].access: READ
        Registers read: r14w
        Registers modified: edx
        
$ ./cstool -d x64 "0xf0,0x41,0x0f,0xb7,0xd6" 
ERROR: invalid assembly code

$ ./cstool -d x64 "0xf2,0x41,0x0f,0xb7,0xd6"
 0  f2 41 0f b7 d6                                   movzx      edx, r14w
        ID: 496 (movzx)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x0f 0xb7 0x00 0x00 
        rex: 0x41
        addr_size: 8
        modrm: 0xd6
        disp: 0x0
        sib: 0x0
        op_count: 2
                operands[0].type: REG = edx
                operands[0].size: 4
                operands[0].access: WRITE
                operands[1].type: REG = r14w
                operands[1].size: 2
                operands[1].access: READ
        Registers read: r14w
        Registers modified: edx

Additional Logs, screenshots, source code, configuration dump, ...

Capstone correctly identifies that the LOCK prefix (0xf0) is incompatible with the movzx instruction. It also has no problem with the REPNE/REPNZ prefix (0xf2). However, it fails to recognize that the prefixes 0xf2 and 0xf0 are mutually exclusive and cannot appear together in a single instruction. In contrast, both XED and Zydis disassemblers return an 'invalid assembly code' error for the sequence 0xf0, 0xf2, 0x41, 0x0f, 0xb7, 0xd6.
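As an added example (not the reporter's code, and not Capstone, XED or Zydis code), this is the legacy-prefix group check a decoder can run on the raw bytes before it looks at the opcode, using the prefix groups from the Intel SDM: it rejects the reported sequence because 0xf0 (LOCK) and 0xf2 (REPNE) both belong to group 1, while the separate LOCK-on-movzx rejection is an opcode-level rule this example deliberately leaves out.

```python
# Legacy prefix groups (Intel SDM Vol. 2, section 2.1.1). An instruction may
# carry at most one prefix from each group; two different prefixes from the
# same group, such as LOCK + REPNE in this report, make the encoding invalid.
PREFIX_GROUPS = {
    1: {0xF0: "LOCK", 0xF2: "REPNE/REPNZ", 0xF3: "REP/REPE/REPZ"},
    2: {0x2E: "CS", 0x36: "SS", 0x3E: "DS", 0x26: "ES", 0x64: "FS", 0x65: "GS"},
    3: {0x66: "operand-size override"},
    4: {0x67: "address-size override"},
}
GROUP_OF = {b: g for g, members in PREFIX_GROUPS.items() for b in members}
NAME_OF = {b: n for members in PREFIX_GROUPS.values() for b, n in members.items()}

def split_prefixes(code: bytes):
    """Split a 64-bit-mode encoding into (legacy prefixes, REX or None, opcode offset).
    Legacy prefixes come first in any order; a REX byte (0x40..0x4F), if present,
    must be the last byte before the opcode."""
    i = 0
    while i < len(code) and code[i] in GROUP_OF:
        i += 1
    legacy = list(code[:i])
    rex = None
    if i < len(code) and 0x40 <= code[i] <= 0x4F:
        rex = code[i]
        i += 1
    return legacy, rex, i

def check_prefixes(code: bytes) -> list:
    """Return a list of prefix-group conflicts (empty = prefix bytes are consistent).
    Only group conflicts are checked; whether a prefix is legal for the decoded
    opcode (e.g. LOCK on movzx) is a separate, opcode-level check."""
    legacy, _rex, _opcode_at = split_prefixes(code)
    first_in_group = {}  # group number -> first prefix byte seen in that group
    conflicts = []
    for b in legacy:
        g = GROUP_OF[b]
        prev = first_in_group.setdefault(g, b)
        # A repeated identical prefix (e.g. 66 66 90 padding) is tolerated;
        # only a *different* prefix from the same group is a conflict.
        if prev != b:
            conflicts.append(f"group {g}: {NAME_OF[prev]} (0x{prev:02x}) "
                             f"conflicts with {NAME_OF[b]} (0x{b:02x})")
    return conflicts

if __name__ == "__main__":
    # Bytes from this report, then the two single-prefix variants tested with cstool.
    for hexstr in ("f0f2410fb7d6", "f2410fb7d6", "f0410fb7d6"):
        print(hexstr, check_prefixes(bytes.fromhex(hexstr)) or "prefix groups OK")
```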

Labels: X86Arch, bug, outdated-module