[X86][Disassembler] Fix a bug when disassembling an empty string

readPrefixes() assumes insn->bytes is non-empty. The code path is not exercised in llvm-mc because llvm-mc does not feed empty input to MCDisassembler::getInstruction(). This bug is uncovered by a5994c789a. An empty string did not crash before because the deleted regionReader() allowed UINT64_C(-1) as insn->readerCursor. Bytes.size() <= Address -> R->Base 0 <= UINT64_C(-1) - UINT32_C(-1)
2020-01-13 10:34:10 -08:00 · 2020-01-13 10:34:10 -08:00 · 64a93afc3c
parent 484a7472f1
commit 64a93afc3c
2 changed files with 7 additions and 1 deletions
--- a/llvm/lib/Target/X86/Disassembler/X86Disassembler.cpp
+++ b/llvm/lib/Target/X86/Disassembler/X86Disassembler.cpp
@ -203,6 +203,8 @@ static bool isREX(struct InternalInstruction *insn, uint8_t prefix) {
 // Consumes all of an instruction's prefix bytes, and marks the
 // instruction as having them.  Also sets the instruction's default operand,
 // address, and other relevant data sizes to report operands correctly.
+//
+// insn must not be empty.
 static int readPrefixes(struct InternalInstruction *insn) {
  bool isPrefix = true;
  uint8_t byte = 0;
@ -1707,7 +1709,7 @@ MCDisassembler::DecodeStatus X86GenericDisassembler::getInstruction(
  Insn.readerCursor = Address;
  Insn.mode = fMode;

-  if (readPrefixes(&Insn) || readOpcode(&Insn) ||
+  if (Bytes.empty() || readPrefixes(&Insn) || readOpcode(&Insn) ||
      getInstructionID(&Insn, MII.get()) || Insn.instructionID == 0 ||
      readOperands(&Insn)) {
    Size = Insn.readerCursor - Address;
--- a/llvm/unittests/MC/Disassembler.cpp
+++ b/llvm/unittests/MC/Disassembler.cpp
@ -38,6 +38,10 @@ TEST(Disassembler, X86Test) {
  unsigned NumBytes = sizeof(Bytes);
  unsigned PC = 0;

+  InstSize =
+      LLVMDisasmInstruction(DCR, BytesP, 0, PC, OutString, OutStringSize);
+  EXPECT_EQ(InstSize, 0U);
+
  InstSize = LLVMDisasmInstruction(DCR, BytesP, NumBytes, PC, OutString,
                                   OutStringSize);
  EXPECT_EQ(InstSize, 1U);