T0b1/fadec
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Verify more register indices

Browse Source
This commit is contained in:
Alexis Engelke
2019-11-02 21:47:28 +01:00
parent ab2d60da75
commit 96ba1a1166
1 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
decode.c
View File

@@ -603,15 +603,23 @@ fd_decode(const uint8_t* buffer, size_t len_sz, int mode_int, uintptr_t address,
for (int i = 0; i < 4; i++) for (int i = 0; i < 4; i++)
{ {
uint32_t reg_type = (desc->reg_types >> 4 * i) & 0xf; uint32_t reg_type = (desc->reg_types >> 4 * i) & 0xf;
uint32_t reg_idx = instr->operands[i].reg;
if (reg_type == FD_RT_MEM && instr->operands[i].type != FD_OT_MEM) if (reg_type == FD_RT_MEM && instr->operands[i].type != FD_OT_MEM)
return -1; return -1;
if (instr->operands[i].type != FD_OT_REG) if (instr->operands[i].type != FD_OT_REG)
continue; continue;
if (reg_type == FD_RT_GPL && !(prefixes & PREFIX_REX) && if (reg_type == FD_RT_GPL && !(prefixes & PREFIX_REX) &&
instr->operands[i].size == 1 && instr->operands[i].reg >= 4) instr->operands[i].size == 1 && reg_idx >= 4)
reg_type = FD_RT_GPH; reg_type = FD_RT_GPH;
// Reject invalid segment registers // Reject invalid segment registers
if (reg_type == FD_RT_SEG && instr->operands[i].reg >= 6) if (reg_type == FD_RT_SEG && reg_idx >= 6)
return -1;
// Reject invalid control registers
if (reg_type == FD_RT_CR && reg_idx != 0 && reg_idx != 2 &&
reg_idx != 3 && reg_idx != 4 && reg_idx != 8)
return -1;
// Reject invalid debug registers
if (reg_type == FD_RT_DR && reg_idx >= 8)
return -1; return -1;
instr->operands[i].misc = reg_type; instr->operands[i].misc = reg_type;
} }