Avoid random access values for operands in not-yet-specified instructions. (#2259)

arch/X86/X86ATTInstPrinter.c

@@ -286,6 +286,9 @@ static void get_op_access(cs_struct *h, unsigned int id, uint8_t *access, uint64
 	uint8_t count, i;
 	const uint8_t *arr = X86_get_op_access(h, id, eflags);
 
+	// initialize access
+	memset(access, 0, CS_X86_MAXIMUM_OPERAND_SIZE * sizeof(access[0]));
+
 	if (!arr) {
 		access[0] = 0;
 		return;
@@ -313,7 +316,7 @@ static void printSrcIdx(MCInst *MI, unsigned Op, SStream *O)
 	int reg;
 
 	if (MI->csh->detail_opt) {
-		uint8_t access[6];
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_MEM;
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].size = MI->x86opsize;
@@ -351,7 +354,7 @@ static void printSrcIdx(MCInst *MI, unsigned Op, SStream *O)
 static void printDstIdx(MCInst *MI, unsigned Op, SStream *O)
 {
 	if (MI->csh->detail_opt) {
-		uint8_t access[6];
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_MEM;
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].size = MI->x86opsize;
@@ -437,7 +440,7 @@ static void printMemOffset(MCInst *MI, unsigned Op, SStream *O)
 	int reg;
 
 	if (MI->csh->detail_opt) {
-		uint8_t access[6];
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_MEM;
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].size = MI->x86opsize;
@@ -563,7 +566,7 @@ static void printOperand(MCInst *MI, unsigned OpNo, SStream *O)
 			if (MI->csh->doing_mem) {
 				MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].mem.base = X86_register_map(reg);
 			} else {
-				uint8_t access[6];
+				uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 
 				MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_REG;
 				MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].reg = X86_register_map(reg);
@@ -712,7 +715,7 @@ static void printMemReference(MCInst *MI, unsigned Op, SStream *O)
 	int64_t DispVal = 1;
 
 	if (MI->csh->detail_opt) {
-		uint8_t access[6];
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_MEM;
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].size = MI->x86opsize;
@@ -877,7 +880,7 @@ void X86_ATT_printInst(MCInst *MI, SStream *OS, void *info)
 	}
 
 	if (MI->csh->detail_opt) {
-		uint8_t access[6] = {0};
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE] = {0};
 
 		// some instructions need to supply immediate 1 in the first op
 		switch(MCInst_getOpcode(MI)) {
@@ -983,7 +986,7 @@ void X86_ATT_printInst(MCInst *MI, SStream *OS, void *info)
 				MI->flat_insn->detail->x86.operands[1].type = X86_OP_REG;
 				MI->flat_insn->detail->x86.operands[1].reg = reg2;
 				MI->flat_insn->detail->x86.operands[1].size = MI->csh->regsize_map[reg2];
-				MI->flat_insn->detail->x86.operands[0].access = access2;
+				MI->flat_insn->detail->x86.operands[1].access = access2;
 				MI->flat_insn->detail->x86.op_count = 2;
 			}
 		}

arch/X86/X86InstPrinterCommon.h

@@ -7,10 +7,10 @@
 #include "../../MCInst.h"
 #include "../../SStream.h"
 
+#define CS_X86_MAXIMUM_OPERAND_SIZE 6
 
 void printSSEAVXCC(MCInst *MI, unsigned Op, SStream *O);
 void printXOPCC(MCInst *MI, unsigned Op, SStream *O);
 void printRoundingControl(MCInst *MI, unsigned Op, SStream *O);
 
 #endif
-

arch/X86/X86IntelInstPrinter.c

@@ -430,6 +430,9 @@ static void get_op_access(cs_struct *h, unsigned int id, uint8_t *access, uint64
 	uint8_t i;
 	const uint8_t *arr = X86_get_op_access(h, id, eflags);
 
+	// initialize access
+	memset(access, 0, CS_X86_MAXIMUM_OPERAND_SIZE * sizeof(access[0]));
+
 	if (!arr) {
 		access[0] = 0;
 		return;
@@ -456,7 +459,7 @@ static void printSrcIdx(MCInst *MI, unsigned Op, SStream *O)
 
 	if (MI->csh->detail_opt) {
 #ifndef CAPSTONE_DIET
-		uint8_t access[6];
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 #endif
 
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_MEM;
@@ -496,7 +499,7 @@ static void printDstIdx(MCInst *MI, unsigned Op, SStream *O)
 {
 	if (MI->csh->detail_opt) {
 #ifndef CAPSTONE_DIET
-		uint8_t access[6];
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 #endif
 
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_MEM;
@@ -592,7 +595,7 @@ static void printMemOffset(MCInst *MI, unsigned Op, SStream *O)
 
 	if (MI->csh->detail_opt) {
 #ifndef CAPSTONE_DIET
-		uint8_t access[6];
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 #endif
 
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_MEM;
@@ -649,7 +652,7 @@ static void printU8Imm(MCInst *MI, unsigned Op, SStream *O)
 
 	if (MI->csh->detail_opt) {
 #ifndef CAPSTONE_DIET
-		uint8_t access[6];
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 #endif
 
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_IMM;
@@ -714,7 +717,7 @@ void X86_Intel_printInst(MCInst *MI, SStream *O, void *Info)
 	reg = X86_insn_reg_intel(MCInst_getOpcode(MI), &access1);
 	if (MI->csh->detail_opt) {
 #ifndef CAPSTONE_DIET
-		uint8_t access[6] = {0};
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE] = {0};
 #endif
 
 		// first op can be embedded in the asm by llvm.
@@ -771,7 +774,7 @@ static void printPCRelImm(MCInst *MI, unsigned OpNo, SStream *O)
 
 		if (MI->csh->detail_opt) {
 #ifndef CAPSTONE_DIET
-			uint8_t access[6];
+			uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 #endif
 
 			MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_IMM;
@@ -810,7 +813,7 @@ static void printOperand(MCInst *MI, unsigned OpNo, SStream *O)
 				MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].mem.base = X86_register_map(reg);
 			} else {
 #ifndef CAPSTONE_DIET
-				uint8_t access[6];
+				uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 #endif
 
 				MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_REG;
@@ -897,7 +900,7 @@ static void printOperand(MCInst *MI, unsigned OpNo, SStream *O)
 				MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].mem.disp = imm;
 			} else {
 #ifndef CAPSTONE_DIET
-				uint8_t access[6];
+				uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 #endif
 
 				MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_IMM;
@@ -937,7 +940,7 @@ static void printMemReference(MCInst *MI, unsigned Op, SStream *O)
 
 	if (MI->csh->detail_opt) {
 #ifndef CAPSTONE_DIET
-		uint8_t access[6];
+		uint8_t access[CS_X86_MAXIMUM_OPERAND_SIZE];
 #endif
 
 		MI->flat_insn->detail->x86.operands[MI->flat_insn->detail->x86.op_count].type = X86_OP_MEM;

arch/X86/X86MappingInsnOp.inc

@@ -16915,7 +16915,7 @@
 
 {	/* X86_VCMPSSZrr_Int, X86_INS_VCMP: vcmp */
 	0,
-	{ 0 }
+	{ CS_AC_WRITE, CS_AC_READ, CS_AC_READ, 0 }
 },
 
 {	/* X86_VCMPSSZrr_Intk, X86_INS_VCMP: vcmp */
@@ -75697,4 +75697,3 @@
 	X86_EFLAGS_MODIFY_ZF | X86_EFLAGS_RESET_CF | X86_EFLAGS_RESET_OF | X86_EFLAGS_RESET_SF | X86_EFLAGS_RESET_PF | X86_EFLAGS_RESET_AF,
 	{ 0 }
 },
-

suite/cstest/issues.cs

@@ -1,3 +1,7 @@
+!# issue 2258 vcmpunordss incorrect read/modified register
+!# CS_ARCH_X86, CS_MODE_64, CS_OPT_DETAIL
+0x62,0xd1,0x56,0x08,0xc2,0xca,0x03 == vcmpunordss k1, xmm5, xmm10 ; operands[0].access: WRITE ; operands[1].access: READ ; operands[2].access: READ
+
 !# issue 2062 repz Prefix
 !# CS_ARCH_X86, CS_MODE_64, CS_OPT_DETAIL
 0xf3,0xc3 == repz ret ; Prefix:0xf3 0x00 0x00 0x00