From aa1a39bd9d42daa444a258722a316ba29b121571 Mon Sep 17 00:00:00 2001
From: Alexis Engelke
Date: Sun, 29 Nov 2020 11:53:06 +0100
Subject: [PATCH] instrs: Check SREG validity using modreg table

---
 decode.c | 6 +-----
 instrs.txt | 13 +++++++++++--
 tests/test_decode.c | 2 ++
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/decode.c b/decode.c
index 20c4268..5c5f5c1 100644
--- a/decode.c
+++ b/decode.c
@@ -89,11 +89,7 @@ decode_modrm(const uint8_t* buffer, int len, DecodeMode mode, FdInstr* instr,
 reg_idx += prefixes & PREFIX_REXR ? 8 : 0;
 #endif
 
- if (is_seg && reg_idx >= 6)
- return FD_ERR_UD;
- else if (UNLIKELY(instr->type == FDI_MOV_G2S) && reg_idx == 1)
- return FD_ERR_UD;
- else if (is_cr && (~0x011d >> reg_idx) & 1)
+ if (is_cr && (~0x011d >> reg_idx) & 1)
 return FD_ERR_UD;
 else if (is_dr && reg_idx >= 8)
 return FD_ERR_UD;
diff --git a/instrs.txt b/instrs.txt
index 5ac9b01..dc9e882 100644
--- a/instrs.txt
+++ b/instrs.txt
@@ -139,9 +139,18 @@
 89 MR GP GP - - MOV
 8a RM GP GP - - MOV SIZE_8
 8b RM GP GP - - MOV
-8c MR GP16 SREG - - MOV_S2G
+8c/0 MR GP16 SREG - - MOV_S2G
+8c/1 MR GP16 SREG - - MOV_S2G
+8c/2 MR GP16 SREG - - MOV_S2G
+8c/3 MR GP16 SREG - - MOV_S2G
+8c/4 MR GP16 SREG - - MOV_S2G
+8c/5 MR GP16 SREG - - MOV_S2G
 8d/m RM GP MEMZ - - LEA
-8e RM SREG GP16 - - MOV_G2S
+8e/0 RM SREG GP16 - - MOV_G2S
+8e/2 RM SREG GP16 - - MOV_G2S
+8e/3 RM SREG GP16 - - MOV_G2S
+8e/4 RM SREG GP16 - - MOV_G2S
+8e/5 RM SREG GP16 - - MOV_G2S
 8f/0 M GP - - - POP DEF64
 # Against frequent belief, only, XCHG (r/e)AX, (r)AX with 90 is NOP.
 # As a lacking REX.B cannot be specified here, this is hardcoded.
diff --git a/tests/test_decode.c b/tests/test_decode.c
index 854aeca..036432c 100644
--- a/tests/test_decode.c
+++ b/tests/test_decode.c
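Review bot: With the generic `is_seg && reg_idx >= 6` guard removed, the bound on segment-register numbers now rests entirely on the `/0`–`/5` entries in instrs.txt, and nothing in decode_modrm records that invariant, so a future SREG operand added to the table without per-reg selectors would silently accept reg 6 and 7. Add a comment at the new `if (is_cr ...)` line, e.g. `/* SREG range (reg < 6) and the MOV_G2S CS exclusion are enforced by the /N modreg entries in instrs.txt, not here. */`. If `is_seg` is still computed earlier in the function, it appears to have no remaining reader after this hunk and may now draw an unused-variable warning. decode_modrm begins and ends outside the hunk.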
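Review bot: The absence of an `8e/1` line is now the only thing that makes MOV to CS undefined, and a reader of the table cannot tell a deliberate gap from an omission; the surrounding table already uses `#` comments for exactly this kind of note. Add one above the 8e block, e.g. `# 8e/1 is intentionally absent: MOV to CS is #UD.`, and a similar line noting that the 8c/8e entries stop at /5 because only six segment registers exist.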
@@ -104,6 +104,8 @@ main(int argc, char** argv)
 TEST64("\x44\x0f\x21\x00", "UD"); // dr8
 TEST("\x8c\xc0", "[MOV_S2G reg2:r0 reg2:r0]");
 TEST64("\x44\x8c\xc0", "[MOV_S2G reg2:r0 reg2:r0]");
+ TEST64("\x44\x8c\xf0", "UD"); // no segment register 6
+ TEST64("\x44\x8c\xf8", "UD"); // no segment register 7
 TEST("\x8e\xc0", "[MOV_G2S reg2:r0 reg2:r0]");
 TEST("\x8e\xc8", "UD"); // No mov cs, eax
 TEST("\xd8\xc1", "[FADD reg0:r0 reg0:r1]");
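Review bot: The new cases cover reg 6/7 only for 8c under a REX.R prefix in 64-bit mode, while the 8e direction (whose /6 and /7 entries are likewise absent from the table) and the plain non-REX encodings are left untested. Adding `TEST("\x8c\xf0", "UD"); // no segment register 6` and `TEST("\x8e\xf0", "UD"); // no segment register 6` beside the existing lines would pin the table-driven rejection for both directions. main continues outside the hunk.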