<html>
    <head>
      <base href="https://bugs.llvm.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link bz_status_NEW" title="NEW - LLVMDisasmInstruction returns 1 for invalid instruction (x86 prefix only)" href="https://bugs.llvm.org/show_bug.cgi?id=39915">39915</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>LLVMDisasmInstruction returns 1 for invalid instruction (x86 prefix only)
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>MC
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>p.antoine@catenacyber.fr
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvm-bugs@lists.llvm.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>I am doing differential fuzzing between llvm-mc and capstone.

The following snippet of code has `LLVMDisasmInstruction` returning 1.
But the documentation <a href="http://llvm.org/doxygen/group__LLVMCDisassembler.html">http://llvm.org/doxygen/group__LLVMCDisassembler.html</a>
states that it should return 0 if there was no valid instruction.
It looks to me that an x86 prefix without anything else is not a valid
instruction.

```
#include <cassert>
#include <cstdint>
#include <cstdlib>
#include <vector>

#include <llvm-c/Disassembler.h>
#include <llvm-c/Target.h>

extern "C" int LLVMFuzzerReturnOneInput() {
    LLVMDisasmContextRef Ctx;
    uint8_t Data[1] = {0xf2};  // a lone REPNE/REPNZ prefix byte, no opcode
    size_t Size = 1;
    char AssemblyText[80];
    std::vector<uint8_t> DataCopy(Data, Data + Size);
    uint8_t *p = DataCopy.data();
    int r = 1;

    // The x86 target must be registered before a disassembler context can be
    // created; a fuzzer harness normally does this once in LLVMFuzzerInitialize.
    LLVMInitializeX86TargetInfo();
    LLVMInitializeX86TargetMC();
    LLVMInitializeX86Disassembler();

    Ctx = LLVMCreateDisasmCPUFeatures("x86_64", "", "", nullptr, 0, nullptr,
                                      nullptr);
    assert(Ctx);
    if (LLVMSetDisasmOptions(Ctx, LLVMDisassembler_Option_AsmPrinterVariant) ==
        0) {
        abort();
    }

    // Returns the number of bytes consumed; per the documentation, 0 means no
    // valid instruction was found, yet for this input it returns 1.
    if (LLVMDisasmInstruction(Ctx, p, Size, 0, AssemblyText, 80) > 0) {
        r = 0;
    }
    LLVMDisasmDispose(Ctx);

    return r;
}
```</pre>
        </div>
      </p>


    </body>
</html>