Merge pull request #2790 from cimarronm/lea-invalid-opcode

Dynamic Cores - Invalid LEA instruction
2025-05-09 03:41:10 +08:00 · 2021-08-12 22:26:57 -06:00 · 2021-08-12 22:26:57 -06:00 · 4df9156d28
commit 4df9156d28
parent 637fb565b6 c2c32ff2ae
6 changed files with 11 additions and 5 deletions
--- a/src/cpu/core_dyn_x86/decoder.h
+++ b/src/cpu/core_dyn_x86/decoder.h
@ -2783,6 +2783,7 @@ restart_prefix:
 		/* LEA Gv */
 		case 0x8d:
 			dyn_get_modrm();
+			if (GCC_UNLIKELY(decode.modrm.mod==3)) goto illegalopcode;  // Direct register causes #UD exception
 			if (decode.big_op) {
 				dyn_fill_ea(false,&DynRegs[decode.modrm.reg]);
 			} else {
--- a/src/cpu/core_dynrec/decoder.h
+++ b/src/cpu/core_dynrec/decoder.h
@ -329,7 +329,11 @@ restart_prefix:
 		case 0x8c:dyn_mov_ev_seg();break;

 		// load effective address
-		case 0x8d:dyn_lea();break;
+		case 0x8d:
+			dyn_get_modrm();
+			if (GCC_UNLIKELY(decode.modrm.mod==3)) goto illegalopcode;  // Direct register causes #UD exception
+			dyn_lea();
+			break;

 		// move a value from memory or a 16bit register into a segment register
 		case 0x8e:dyn_mov_seg_ev();break;
--- a/src/cpu/core_dynrec/decoder_opcodes.h
+++ b/src/cpu/core_dynrec/decoder_opcodes.h
@ -396,7 +396,6 @@ static void dyn_mov_ev_seg(void) {


 static void dyn_lea(void) {
-	dyn_get_modrm();
 	dyn_fill_ea(FC_ADDR,false);
 	MOV_REG_WORD_FROM_HOST_REG(FC_ADDR,decode.modrm.reg,decode.big_op);
 }
--- a/src/cpu/core_full/load.h
+++ b/src/cpu/core_full/load.h
@ -175,6 +175,7 @@ l_M_Ed:
 			inst_op2_d=LoadMw(inst.rm_eaa+4);
 			break;
 		case M_EA:
+			if (inst.rm>=0xc0) goto illegalopcode;
 			inst_op1_d=inst.rm_off;
 			break;
 		case M_POPw:
--- a/src/cpu/core_normal/prefix_66.h
+++ b/src/cpu/core_normal/prefix_66.h
@ -358,8 +358,9 @@
 			}	
 	CASE_D(0x8d)												/* LEA Gd */
 		{
-			//Little hack to always use segprefixed version
 			GetRMrd;
+			if (rm >= 0xc0) goto illegal_opcode;
+			//Little hack to always use segprefixed version
 			BaseDS=BaseSS=0;
 			if (TEST_PREFIX_ADDR) {
 				*rmrd=(uint32_t)(*EATable[256+rm])();
--- a/src/cpu/core_normal/prefix_none.h
+++ b/src/cpu/core_normal/prefix_none.h
@ -541,10 +541,10 @@
 		}
 	CASE_W(0x8d)												/* LEA Gw */
 		{
-			//Little hack to always use segprefixed version
-			BaseDS=BaseSS=0;
 			GetRMrw;
 			if (rm >= 0xc0) goto illegal_opcode;     // Direct register causes #UD exception
+			//Little hack to always use segprefixed version
+			BaseDS=BaseSS=0;
 			if (TEST_PREFIX_ADDR) {
 				*rmrw=(uint16_t)(*EATable[256+rm])();
 			} else {