From e4000595fbaf018ce2922294dfb9a1c28532dab0 Mon Sep 17 00:00:00 2001
From: Johnny Chen
Date: Thu, 24 Mar 2011 02:24:36 +0000
Subject: [PATCH] CPS3p: Let's reject impossible imod values by returning false from the DisassembleMiscFrm() function. Fixed rdar://problem/9179416 ARM disassembler crash: "Unknown imod operand" (fuzz testing) Opcode=98 Name=CPS3p Format=ARM_FORMAT_MISCFRM(26) 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 ------------------------------------------------------------------------------------------------- | 1: 1: 1: 1| 0: 0: 0: 1| 0: 0: 0: 0| 0: 0: 1: 0| 0: 0: 0: 1| 1: 1: 0: 0| 1: 0: 0: 1| 0: 0: 1: 1| ------------------------------------------------------------------------------------------------- Before: cpsUnknown imod operand UNREACHABLE executed at /Volumes/data/lldb/llvm/lib/Target/ARM/InstPrinter/../ARMBaseInfo.h:123! After: /Volumes/data/Radar/9179416/mc-input-arm.txt:1:1: warning: invalid instruction encoding 0x93 0x1c 0x2 0xf1 ^ git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@128192 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Target/ARM/Disassembler/ARMDisassemblerCore.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/Target/ARM/Disassembler/ARMDisassemblerCore.cpp b/lib/Target/ARM/Disassembler/ARMDisassemblerCore.cpp
index e000cab815b..cc2469f8c29 100644
--- a/lib/Target/ARM/Disassembler/ARMDisassemblerCore.cpp
+++ b/lib/Target/ARM/Disassembler/ARMDisassemblerCore.cpp
@@ -2945,6 +2945,9 @@ static bool DisassembleMiscFrm(MCInst &MI, unsigned Opcode, uint32_t insn,
 // no current handling of optional arguments. Fix here when a better handling
 // of optional arguments is implemented.
 if (Opcode == ARM::CPS3p) {
+ // Let's reject impossible imod values by returning false.
+ if (slice(insn, 19, 18) == 0 || slice(insn, 19, 18) == 1)
+ return false;
 MI.addOperand(MCOperand::CreateImm(slice(insn, 19, 18))); // imod
 MI.addOperand(MCOperand::CreateImm(slice(insn, 8, 6))); // iflags
 MI.addOperand(MCOperand::CreateImm(slice(insn, 4, 0))); // mode
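Review bot: The added guard inside the `if (Opcode == ARM::CPS3p)` branch evaluates `slice(insn, 19, 18)` twice and the unchanged `CreateImm` line below evaluates it a third time, with the rejected values left as bare magic numbers and a comment that says only that they are "impossible". Hoisting the field into a local keeps the check and the operand in step and lets the comment state the actual rule: `const unsigned imod = slice(insn, 19, 18); // only 2 (IE) and 3 (ID) are valid CPS3p encodings` / `if (imod < 2) return false; // 0/1 have no printer string and would hit "Unknown imod operand"` / `MI.addOperand(MCOperand::CreateImm(imod)); // imod`. Since the description shows this was reached by fuzzing, the comment should also make clear that the decoder, not the printer, is where malformed encodings must be rejected; the iflags and mode fields added on the following lines are still passed through unchecked, which is fine only if the printer accepts every value of those fields — worth confirming. DisassembleMiscFrm begins and ends outside this hunk.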