displacements are stored as unsigned, but are functionally signed ints

so multiplying to expand EVEX compressed offsets can overflow, and that
needs to be okay.

3 files changed, 18 insertions, 0 deletions

diff --git a/test/long_mode/mod.rs b/test/long_mode/mod.rs
index 1efa74e..ee0ab4e 100644
--- a/test/long_mode/mod.rs
+++ b/test/long_mode/mod.rs
@@ -3390,3 +3390,9 @@ fn test_sevsnp() {
 fn from_llvm() {
     test_display(&[0xf3, 0x0f, 0x3a, 0xf0, 0xc0, 0x01], "hreset 0x1");
 }
+
+#[test]
+fn from_reports() {
+    // negative compressed evex displacements should not overflow and panic
+    test_display(&[0x62, 0xf2, 0x6d, 0xac, 0x00, 0x59, 0xa7], "vpshufb ymm3{k4}{z}, ymm2, ymmword [rcx - 0xb20]");
+}
diff --git a/test/protected_mode/mod.rs b/test/protected_mode/mod.rs
index 4b8ca8d..70dfb78 100644
--- a/test/protected_mode/mod.rs
+++ b/test/protected_mode/mod.rs
@@ -3077,3 +3077,9 @@ fn test_sevsnp() {
 fn from_llvm() {
     test_display(&[0xf3, 0x0f, 0x3a, 0xf0, 0xc0, 0x01], "hreset 0x1");
 }
+
+#[test]
+fn from_reports() {
+    // negative compressed evex displacements should not overflow and panic
+    test_display(&[0x62, 0xf2, 0x6d, 0xac, 0x00, 0x59, 0xa7], "vpshufb ymm3{k4}{z}, ymm2, ymmword [ecx - 0xb20]");
+}
diff --git a/test/real_mode/mod.rs b/test/real_mode/mod.rs
index 6dcc3a2..b13358a 100644
--- a/test/real_mode/mod.rs
+++ b/test/real_mode/mod.rs
@@ -18362,3 +18362,9 @@ fn test_invalid_sequences() {
     test_invalid(&[0xf3, 0xf2, 0x0f, 0xae, 0x8f, 0x54, 0x3c, 0x58, 0xb7]);
     test_invalid(&[0xff, 0xd8]);
 }
+
+#[test]
+fn from_reports() {
+    // negative compressed evex displacements should not overflow and panic
+    test_display(&[0x62, 0xf2, 0x6d, 0xac, 0x00, 0x59, 0xa7], "vpshufb ymm3{k4}{z}, ymm2, ymmword [bx + di - 0xb20]");
+}