[llvm-bugs] [Bug 39915] New: LLVMDisasmInstruction returns 1 for invalid instruction (x86 prefix only)
via llvm-bugs
llvm-bugs at lists.llvm.org
Fri Dec 7 07:09:58 PST 2018
https://bugs.llvm.org/show_bug.cgi?id=39915
Bug ID: 39915
Summary: LLVMDisasmInstruction returns 1 for invalid instruction (x86 prefix only)
Product: libraries
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P
Component: MC
Assignee: unassignedbugs at nondot.org
Reporter: p.antoine at catenacyber.fr
CC: llvm-bugs at lists.llvm.org
I am doing differential fuzzing between llvm-mc and capstone.

The following snippet of code has `LLVMDisasmInstruction` returning 1. But the documentation http://llvm.org/doxygen/group__LLVMCDisassembler.html states that it should return 0 if there was no valid instruction.

It looks to me that an x86 prefix without anything else is not a valid instruction.
```cpp
#include <cassert>
#include <cstdint>
#include <cstdlib>
#include <vector>

#include <llvm-c/Disassembler.h>

// Feed a single REPNE/BND prefix byte (0xf2) to the x86_64 disassembler.
// Returns 0 if LLVMDisasmInstruction reports a decoded instruction, 1 otherwise.
extern "C" int LLVMFuzzerReturnOneInput() {
  LLVMDisasmContextRef Ctx;
  uint8_t Data[1] = {0xf2};
  size_t Size = 1;
  char AssemblyText[80];
  std::vector<uint8_t> DataCopy(Data, Data + Size);
  uint8_t *p = DataCopy.data();
  int r = 1;
  Ctx = LLVMCreateDisasmCPUFeatures("x86_64", "", "", nullptr, 0, nullptr,
                                    nullptr);
  assert(Ctx);
  // LLVMSetDisasmOptions returns 1 on success and 0 on failure.
  if (LLVMSetDisasmOptions(Ctx, LLVMDisassembler_Option_AsmPrinterVariant) ==
      0) {
    abort();
  }
  // Documented to return 0 when no valid instruction was decoded;
  // for the lone prefix byte it returns 1 instead.
  if (LLVMDisasmInstruction(Ctx, p, Size, 0, AssemblyText, 80) > 0) {
    r = 0;
  }
  LLVMDisasmDispose(Ctx);
  return r;
}
```
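A caller-side check for the case the report describes, added here as example code that is not part of the report or of LLVM: it classifies a byte buffer as prefix-only using the x86 legacy-prefix and REX encoding rules, so a differential harness can flag a decoder that claims success on input with no opcode byte. It handles the 32-bit/64-bit difference for the 0x40..0x4F range, which is REX in 64-bit mode but INC/DEC opcodes otherwise.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Legacy x86 prefix bytes: F0 LOCK; F2 REPNE/BND; F3 REP;
// 2E/36/3E/26/64/65 segment overrides; 66 operand-size; 67 address-size.
static bool isLegacyPrefix(uint8_t b) {
  switch (b) {
  case 0xF0: case 0xF2: case 0xF3:
  case 0x2E: case 0x36: case 0x3E: case 0x26: case 0x64: case 0x65:
  case 0x66: case 0x67:
    return true;
  default:
    return false;
  }
}

// Number of leading prefix bytes, i.e. the offset of the first byte that
// could start an opcode. In 64-bit mode a single REX byte (40..4F) may
// follow the legacy prefixes and is counted too; in 32-bit mode those
// bytes are INC/DEC opcodes and terminate the prefix run.
size_t prefixLength(const std::vector<uint8_t> &Bytes, bool Is64Bit) {
  size_t i = 0;
  while (i < Bytes.size() && isLegacyPrefix(Bytes[i]))
    ++i;
  if (Is64Bit && i < Bytes.size() && (Bytes[i] & 0xF0) == 0x40)
    ++i;
  return i;
}

// True when the buffer holds nothing but prefixes (or is empty): there is
// no opcode byte, so a decoder reporting a valid instruction here is wrong.
bool isPrefixOnly(const std::vector<uint8_t> &Bytes, bool Is64Bit) {
  return prefixLength(Bytes, Is64Bit) == Bytes.size();
}
```

In the harness above, `isPrefixOnly(DataCopy, true)` being true while `LLVMDisasmInstruction` returns a positive length is exactly the disagreement the report describes.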