Re: [Qemu-devel] i386 emulation bug: mov reg, [addr]


From: malc
Subject: Re: [Qemu-devel] i386 emulation bug: mov reg, [addr]
Date: Wed, 16 Dec 2009 01:24:24 +0300 (MSK)

On Tue, 15 Dec 2009, Jamie Lokier wrote:

> Clemens Kolbitsch wrote:
> >         /* XXX: index == 4 is always invalid */
> >         if (havesib && (index != 4 || scale != 0)) {
> > #ifdef TARGET_X86_64
> >             if (s->aflag == 2) {
> >                 gen_op_addq_A0_reg_sN(scale, index);
> >             } else
> > #endif
> >             {
> >                 /// !!!!!!!!!! this does the evil !!!!!!!!!!!!!!
> >                 gen_op_addl_A0_reg_sN(scale, index);
> >             }
> >         }
> 
> This is indeed a bug.  Avi's explained why it doesn't trigger in
> normal code.
> 
> When the index register is 4, which normally means %esp, in the SIB
> encoding it means "no index".  Independent of the shift (scale).
> 
> So it should say:
> 
>          /* index == 4 means no index. */
>          if (havesib && index != 4) {
> 
> But that said, I'm not sure if this line from earlier breaks the test:
> 
>             index = ((code >> 3) & 7) | REX_X(s);
> 
> When is REX_X(s) not zero, and does it break the index != 4 test?

http://sandpile.org/aa64/opc_sib.htm

The code above is definitely incorrect in the 32-bit case.

-- 
mailto:address@hidden
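The condition under discussion can be checked with a small stand-alone SIB decoder. The following is an added example written for this page and is not QEMU code; the helper names (decode_sib_index, ea32, ea64, buggy_has_index, fixed_has_index) and the register-file layout are assumptions of the example. It encodes the architectural rule the thread refers to: in the SIB byte (scale:2 | index:3 | base:3), index encoding 100 with REX.X clear means "no index" for every scale value, while with REX.X set the same field selects r12, which is a real index register, so ORing REX_X(s) into index before the `index != 4` test is exactly what makes that test correct in 64-bit mode. The mod=00/base=101 (disp32, no base) special case is deliberately left out as a simplification.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Buggy condition as quoted from the emulator: an index encoding of 4 is
 * only treated as "no index" when the scale field is also 0, so an
 * encoding such as 01 100 100 (scale=2, index=ESP, base=ESP) wrongly adds
 * ESP*2 to the address.
 */
static int buggy_has_index(int index, int scale)
{
    return index != 4 || scale != 0;
}

/* Corrected condition: index encoding 4 never contributes, whatever the scale. */
static int fixed_has_index(int index, int scale)
{
    (void)scale;
    return index != 4;
}

/*
 * Decode the index field the way the quoted code does, OR-ing in REX.X as
 * bit 3.  Returns the register number (0..15) or -1 for "no index".
 * With rex_x == 1 the field value 4 becomes 12 (r12), a valid index.
 */
static int decode_sib_index(uint8_t sib, int rex_x)
{
    int index = ((sib >> 3) & 7) | (rex_x << 3);
    return index == 4 ? -1 : index;
}

/* 32-bit effective address from a SIB byte; regs[] holds EAX..EDI (ESP = regs[4]). */
static uint32_t ea32(uint8_t sib, const uint32_t regs[8], int use_buggy)
{
    int scale = (sib >> 6) & 3;
    int index = (sib >> 3) & 7;
    int base  = sib & 7;                 /* assumption: mod != 00, base is a register */
    uint32_t a0 = regs[base];
    int has = use_buggy ? buggy_has_index(index, scale)
                        : fixed_has_index(index, scale);
    if (has)
        a0 += regs[index] << scale;
    return a0;
}

/* 64-bit effective address; regs[] holds RAX..R15, REX.X/REX.B extend index/base. */
static uint64_t ea64(uint8_t sib, int rex_x, int rex_b, const uint64_t regs[16])
{
    int scale = (sib >> 6) & 3;
    int index = decode_sib_index(sib, rex_x);
    int base  = (sib & 7) | (rex_b << 3); /* same mod != 00 simplification as above */
    uint64_t a0 = regs[base];
    if (index >= 0)
        a0 += regs[index] << scale;
    return a0;
}

int main(void)
{
    /* Constructed register state: ESP/RSP = 0x1000, R12 = 0x10. */
    uint32_t r32[8]  = { 0, 0, 0, 0, 0x1000, 0, 0, 0 };
    uint64_t r64[16] = { 0, 0, 0, 0, 0x1000, 0, 0, 0, 0, 0, 0, 0, 0x10, 0, 0, 0 };

    /* 0x64 = 01 100 100: scale=2, index=ESP(none), base=ESP -> must mean [esp]. */
    printf("fixed [esp] via 0x64: %#x\n", ea32(0x64, r32, 0));
    printf("buggy [esp] via 0x64: %#x\n", ea32(0x64, r32, 1));
    /* Same SIB byte with REX.X set selects r12 as index: [rsp + r12*2]. */
    printf("64-bit, REX.X=1:      %#llx\n", (unsigned long long)ea64(0x64, 1, 0, r64));
    return 0;
}
```

Running it prints 0x1000 for the corrected decoder and 0x3000 for the quoted condition, which is the discrepancy the thread is about; with REX.X set the index field decodes to r12 and the `index != 4` check correctly lets it through.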



