<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/111247>111247</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Xtensa: Reachable assert in `decodeImm8_sh8Operand()`
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
Rot127
</td>
</tr>
</table>
<pre>
We discovered a reachable assert in the Xtensa disassembler in `decodeImm8_sh8Operand()`.
The immediate given to `decodeImm8_sh8Operand` has already been shifted. Therefore, checking whether it is an 8-bit value fails.
`decodeImm8_sh8Operand` gets called from `XtensaGenDisassemblerTables.inc` like this:
```cpp
...
if (!Check(S, DecodeARRegisterClass(MI, tmp, Address, Decoder))) { return MCDisassembler::Fail; }
tmp = fieldFromInstruction(insn, 16, 8) << 8;
if (!Check(S, decodeImm8_sh8Operand(MI, tmp, Address, Decoder))) { return MCDisassembler::Fail; }
return S;
...
```
Fix (in C): https://github.com/capstone-engine/llvm-capstone/pull/62
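
The mismatch described in the report, as a stand-alone model added here (not LLVM source and not the code from the linked fix). Function names are hypothetical; only the field position (bit 16, width 8) and the `<< 8` shift come from the call site quoted above.

```cpp
// Stand-alone model added for illustration; not LLVM source.
// Function names are hypothetical; bit position 16, width 8 and the
// << 8 shift are taken from the call site quoted in the report.
#include <cstdint>
#include <cstdio>

enum class Status { Fail, Success };

// Field extraction as at the call site: 8 bits at bit 16, pre-shifted by 8.
static uint64_t shiftedImm8(uint32_t insn) {
  return static_cast<uint64_t>((insn >> 16) & 0xffu) << 8;
}

// The precondition the report describes: the operand fits in 8 bits.
// With assertions enabled, a false result here means the process aborts.
static bool fitsIn8Bits(uint64_t imm) { return imm <= 0xffu; }

// Precondition matching what the call site passes: a 16-bit value
// whose low byte is zero.
static bool isShifted8(uint64_t imm) {
  return imm <= 0xffffu && (imm & 0xffu) == 0;
}

// Hardened shape (an assumption, not the upstream fix): input bytes that
// violate the precondition yield a decode failure instead of an assert.
static Status decodeShifted8(uint64_t imm, int64_t &out) {
  if (!isShifted8(imm))
    return Status::Fail;
  out = static_cast<int64_t>(imm);
  return Status::Success;
}

// How many of the 256 possible field values trip the 8-bit check.
static int countFailing8BitCheck() {
  int failing = 0;
  for (uint32_t field = 0; field < 256; ++field)
    if (!fitsIn8Bits(shiftedImm8(field << 16)))
      ++failing;
  return failing;
}

int main() {
  std::printf("field values failing the 8-bit check: %d of 256\n",
              countFailing8BitCheck());
  int64_t v = 0;
  Status s = decodeShifted8(shiftedImm8(0x00800000u), v);
  std::printf("field 0x80 -> %s, imm 0x%llx\n",
              s == Status::Success ? "Success" : "Fail",
              static_cast<unsigned long long>(v));
}
```

Every field value except zero fails the 8-bit check, so in an assertions-enabled build almost any input bytes that decode to this operand reach the abort.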
</pre>