From cef4feeaf9c64e03a6728f267750ac2fb32eb9ff Mon Sep 17 00:00:00 2001
From: iximeow <me@iximeow.net>
Date: Sat, 21 Aug 2021 12:13:01 -0700
Subject: report memory sizes for push, pop, call, ret

these instructions had memory sizes reported for the operand, if it was
a memory operand, but for versions with non-memory operands the decoded
`Instruction` would imply that non memory access would happen at all.
now, decoded instructions in these cases will report a more useful
memory size.
---
 src/lib.rs                     |  7 +++++++
 src/long_mode/mod.rs           | 32 +++++++++++++++++++++++++++++++-
 src/protected_mode/mod.rs      | 28 +++++++++++++++++++++++++++-
 src/real_mode/mod.rs           | 29 +++++++++++++++++++++++++++--
 test/long_mode/operand.rs      | 18 ++++++++++++++++++
 test/protected_mode/operand.rs | 18 ++++++++++++++++++
 test/real_mode/mod.rs          |  3 +++
 test/real_mode/operand.rs      | 20 ++++++++++++++++++++
 8 files changed, 151 insertions(+), 4 deletions(-)
 create mode 100644 test/real_mode/operand.rs

diff --git a/src/lib.rs b/src/lib.rs
index 84353ba..46bebdb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -185,3 +185,10 @@ impl core::fmt::Display for MemoryAccessSize {
         f.write_str(self.size_name())
     }
 }
+
+#[cfg(feature = "fmt")]
+impl core::fmt::Debug for MemoryAccessSize {
+    fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result {
+        core::fmt::Display::fmt(self, f)
+    }
+}
diff --git a/src/long_mode/mod.rs b/src/long_mode/mod.rs
index 039d550..a01e854 100644
--- a/src/long_mode/mod.rs
+++ b/src/long_mode/mod.rs
@@ -7396,6 +7396,9 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
             if immsz == 0 {
                 instruction.operands[0] = OperandSpec::ImmI8;
             } else {
+                if instruction.opcode == Opcode::CALL {
+                    instruction.mem_size = 8;
+                }
                 instruction.operands[0] = OperandSpec::ImmI32;
             }
             instruction.operand_count = 1;
@@ -7420,6 +7423,7 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
                         };
                         instruction.regs[0] =
                             RegSpec::from_parts(reg, instruction.prefixes.rex_unchecked().b(), bank);
+                        instruction.mem_size = 8;
                         instruction.operand_count = 1;
                     }
                     1 => {
@@ -7615,12 +7619,27 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
             if instruction.operands[0] == OperandSpec::RegMMM {
                 if opcode == Opcode::CALL || opcode == Opcode::JMP {
                     instruction.regs[1].bank = RegisterBank::Q;
+                    if opcode == Opcode::CALL {
+                        instruction.mem_size = 8;
+                    }
+                } else if opcode == Opcode::PUSH || opcode == Opcode::POP {
+                    if instruction.prefixes.operand_size() {
+                        instruction.mem_size = 2;
+                    } else {
+                        instruction.mem_size = 8;
+                    }
                 } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF {
                     return Err(DecodeError::InvalidOperand);
                 }
             } else {
-                if opcode == Opcode::CALL || opcode == Opcode::JMP || opcode == Opcode::PUSH || opcode == Opcode::POP {
+                if opcode == Opcode::CALL || opcode == Opcode::JMP {
                     instruction.mem_size = 8;
+                } else if opcode == Opcode::PUSH || opcode == Opcode::POP {
+                    if instruction.prefixes.operand_size() {
+                        instruction.mem_size = 2;
+                    } else {
+                        instruction.mem_size = 8;
+                    }
                 } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF {
                     instruction.mem_size = 10;
                 }
@@ -7749,6 +7768,12 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
             if instruction.opcode == Opcode::Invalid {
                 return Err(DecodeError::InvalidOpcode);
             }
+            if instruction.opcode == Opcode::RETURN {
+                instruction.mem_size = 8;
+            } else if instruction.opcode == Opcode::RETF {
+                instruction.mem_size = 10;
+            }
+            // TODO: leave?
             instruction.operands[0] = OperandSpec::Nothing;
             instruction.operand_count = 0;
             return Ok(());
@@ -9273,6 +9298,11 @@ fn unlikely_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as y
             instruction.imm =
                 read_imm_unsigned(words, 2)?;
             instruction.operands[0] = OperandSpec::ImmU16;
+            if instruction.opcode == Opcode::RETURN {
+                instruction.mem_size = 8;
+            } else {
+                instruction.mem_size = 10;
+            }
             instruction.operand_count = 1;
         }
         OperandCode::ModRM_0x0f00 => {
diff --git a/src/protected_mode/mod.rs b/src/protected_mode/mod.rs
index a06af4c..8381d68 100644
--- a/src/protected_mode/mod.rs
+++ b/src/protected_mode/mod.rs
@@ -7235,6 +7235,7 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
                         };
                         instruction.regs[0] =
                             RegSpec::from_parts(reg, bank);
+                        instruction.mem_size = 4;
                         instruction.operand_count = 1;
                     }
                     1 => {
@@ -7328,6 +7329,9 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
             if immsz == 0 {
                 instruction.operands[0] = OperandSpec::ImmI8;
             } else {
+                if instruction.opcode == Opcode::CALL {
+                    instruction.mem_size = 4;
+                }
                 instruction.operands[0] = OperandSpec::ImmI32;
             }
             instruction.operand_count = 1;
@@ -7505,12 +7509,21 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
             if instruction.operands[0] == OperandSpec::RegMMM {
                 if opcode == Opcode::CALL || opcode == Opcode::JMP {
                     instruction.regs[1].bank = RegisterBank::D;
+                    if opcode == Opcode::CALL {
+                        instruction.mem_size = 4;
+                    }
                 } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF {
                     return Err(DecodeError::InvalidOperand);
                 }
             } else {
-                if opcode == Opcode::CALL || opcode == Opcode::JMP || opcode == Opcode::PUSH || opcode == Opcode::POP {
+                if opcode == Opcode::CALL || opcode == Opcode::JMP {
                     instruction.mem_size = 4;
+                } else if opcode == Opcode::PUSH || opcode == Opcode::POP {
+                    if instruction.prefixes.operand_size() {
+                        instruction.mem_size = 2;
+                    } else {
+                        instruction.mem_size = 4;
+                    }
                 } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF {
                     instruction.mem_size = 6;
                 }
@@ -7653,6 +7666,14 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
             instruction.operand_count = 1;
         }
         28 => {
+            if instruction.opcode == Opcode::Invalid {
+                return Err(DecodeError::InvalidOpcode);
+            }
+            if instruction.opcode == Opcode::RETURN {
+                instruction.mem_size = 4;
+            } else {
+                instruction.mem_size = 6;
+            }
             instruction.operands[0] = OperandSpec::Nothing;
             instruction.operand_count = 0;
             return Ok(());
@@ -9132,6 +9153,11 @@ fn unlikely_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as y
             instruction.imm =
                 read_imm_unsigned(words, 2)?;
             instruction.operands[0] = OperandSpec::ImmU16;
+            if instruction.opcode == Opcode::RETURN {
+                instruction.mem_size = 4;
+            } else {
+                instruction.mem_size = 6;
+            }
             instruction.operand_count = 1;
         }
         OperandCode::ModRM_0x0f00 => {
diff --git a/src/real_mode/mod.rs b/src/real_mode/mod.rs
index fbfc687..548c42e 100644
--- a/src/real_mode/mod.rs
+++ b/src/real_mode/mod.rs
@@ -7236,6 +7236,7 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
                         };
                         instruction.regs[0] =
                             RegSpec::from_parts(reg, bank);
+                        instruction.mem_size = 2;
                         instruction.operand_count = 1;
                     }
                     1 => {
@@ -7329,6 +7330,9 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
             if immsz == 0 {
                 instruction.operands[0] = OperandSpec::ImmI8;
             } else {
+                if instruction.opcode == Opcode::CALL {
+                    instruction.mem_size = 2;
+                }
                 instruction.operands[0] = OperandSpec::ImmI32;
             }
             instruction.operand_count = 1;
@@ -7506,11 +7510,19 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
             if instruction.operands[0] == OperandSpec::RegMMM {
                 // in real mode, `xed` reports that operand-size does in fact override from word to
                 // dword. unlikely larger modes, operand-size can't shrink the call operand down.
-                if opcode == Opcode::CALLF || opcode == Opcode::JMPF {
+                if opcode == Opcode::CALL {
+                    instruction.mem_size = 2;
+                } else if opcode == Opcode::CALLF || opcode == Opcode::JMPF {
                     return Err(DecodeError::InvalidOperand);
                 }
             } else {
-                if opcode == Opcode::CALL || opcode == Opcode::JMP || opcode == Opcode::PUSH || opcode == Opcode::POP {
+                if opcode == Opcode::CALL || opcode == Opcode::JMP {
+                    if instruction.prefixes.operand_size() {
+                        instruction.mem_size = 4;
+                    } else {
+                        instruction.mem_size = 2;
+                    }
+                } else if opcode == Opcode::PUSH || opcode == Opcode::POP {
                     if instruction.prefixes.operand_size() {
                         instruction.mem_size = 4;
                     } else {
@@ -7658,6 +7670,14 @@ fn read_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as yaxpe
             instruction.operand_count = 1;
         }
         28 => {
+            if instruction.opcode == Opcode::Invalid {
+                return Err(DecodeError::InvalidOpcode);
+            }
+            if instruction.opcode == Opcode::RETURN {
+                instruction.mem_size = 2;
+            } else {
+                instruction.mem_size = 4;
+            }
             instruction.operands[0] = OperandSpec::Nothing;
             instruction.operand_count = 0;
             return Ok(());
@@ -9140,6 +9160,11 @@ fn unlikely_operands<T: Reader<<Arch as yaxpeax_arch::Arch>::Address, <Arch as y
             instruction.imm =
                 read_imm_unsigned(words, 2)?;
             instruction.operands[0] = OperandSpec::ImmU16;
+            if instruction.opcode == Opcode::RETURN {
+                instruction.mem_size = 2;
+            } else {
+                instruction.mem_size = 4;
+            }
             instruction.operand_count = 1;
         }
         OperandCode::ModRM_0x0f00 => {
diff --git a/test/long_mode/operand.rs b/test/long_mode/operand.rs
index 7be8d82..4cdaf35 100644
--- a/test/long_mode/operand.rs
+++ b/test/long_mode/operand.rs
@@ -28,3 +28,21 @@ fn memory_widths() {
     assert_eq!(mem_size_of(&[0x33, 0x00]).size_name(), "dword");
     assert_eq!(mem_size_of(&[0x48, 0x33, 0x00]).size_name(), "qword");
 }
+
+#[test]
+fn test_implied_memory_width() {
+    fn mem_size_of(data: &[u8]) -> Option<u8> {
+        let decoder = InstDecoder::default();
+        decoder.decode_slice(data).unwrap().mem_size().unwrap().bytes_size()
+    }
+
+    // test push, pop, call, and ret
+    assert_eq!(mem_size_of(&[0xc3]), Some(8));
+    assert_eq!(mem_size_of(&[0xe8, 0x11, 0x22, 0x33, 0x44]), Some(8));
+    assert_eq!(mem_size_of(&[0x50]), Some(8));
+    assert_eq!(mem_size_of(&[0x58]), Some(8));
+    assert_eq!(mem_size_of(&[0x66, 0x50]), Some(8));
+    assert_eq!(mem_size_of(&[0x66, 0x58]), Some(8));
+    assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(8));
+    assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(2));
+}
diff --git a/test/protected_mode/operand.rs b/test/protected_mode/operand.rs
index fd850da..a114e69 100644
--- a/test/protected_mode/operand.rs
+++ b/test/protected_mode/operand.rs
@@ -26,3 +26,21 @@ fn memory_widths() {
     assert_eq!(mem_size_of(&[0x66, 0x33, 0x00]).size_name(), "word");
     assert_eq!(mem_size_of(&[0x33, 0x00]).size_name(), "dword");
 }
+
+#[test]
+fn test_implied_memory_width() {
+    fn mem_size_of(data: &[u8]) -> Option<u8> {
+        let decoder = InstDecoder::default();
+        decoder.decode_slice(data).unwrap().mem_size().unwrap().bytes_size()
+    }
+
+    // test push, pop, call, and ret
+    assert_eq!(mem_size_of(&[0xc3]), Some(4));
+    assert_eq!(mem_size_of(&[0xe8, 0x11, 0x22, 0x33, 0x44]), Some(4));
+    assert_eq!(mem_size_of(&[0x50]), Some(4));
+    assert_eq!(mem_size_of(&[0x58]), Some(4));
+    assert_eq!(mem_size_of(&[0x66, 0x50]), Some(4));
+    assert_eq!(mem_size_of(&[0x66, 0x58]), Some(4));
+    assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(4));
+    assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(2));
+}
diff --git a/test/real_mode/mod.rs b/test/real_mode/mod.rs
index 6005f07..8543fae 100644
--- a/test/real_mode/mod.rs
+++ b/test/real_mode/mod.rs
@@ -1,3 +1,5 @@
+mod operand;
+
 use std::fmt::Write;
 
 use yaxpeax_arch::{AddressBase, Decoder, U8Reader, LengthedInstruction};
@@ -17892,6 +17894,7 @@ fn test_real_mode() {
     test_display(&[0xff, 0x08], "dec word [bx + si]");
     test_display(&[0xff, 0x15], "call word [di]");
     test_display(&[0x67, 0xff, 0x15, 0x12, 0x12, 0x12, 0x12], "call word [0x12121212]");
+    // note that this call only writes two bytes, and only moves sp by two.
     test_display(&[0x66, 0xff, 0x15], "call dword [di]");
     test_display(&[0xff, 0x18], "callf dword [bx + si]");
     test_display(&[0xff, 0x24], "jmp word [si]");
diff --git a/test/real_mode/operand.rs b/test/real_mode/operand.rs
new file mode 100644
index 0000000..e037fee
--- /dev/null
+++ b/test/real_mode/operand.rs
@@ -0,0 +1,20 @@
+use yaxpeax_x86::real_mode::{InstDecoder, Operand, RegSpec};
+use yaxpeax_x86::MemoryAccessSize;
+
+#[test]
+fn test_implied_memory_width() {
+    fn mem_size_of(data: &[u8]) -> Option<u8> {
+        let decoder = InstDecoder::default();
+        decoder.decode_slice(data).unwrap().mem_size().unwrap().bytes_size()
+    }
+
+    // test push, pop, call, and ret
+    assert_eq!(mem_size_of(&[0xc3]), Some(2));
+    assert_eq!(mem_size_of(&[0xe8, 0x11, 0x22, 0x33, 0x44]), Some(2));
+    assert_eq!(mem_size_of(&[0x50]), Some(2));
+    assert_eq!(mem_size_of(&[0x58]), Some(2));
+    assert_eq!(mem_size_of(&[0x66, 0x50]), Some(2));
+    assert_eq!(mem_size_of(&[0x66, 0x58]), Some(2));
+    assert_eq!(mem_size_of(&[0xff, 0xf0]), Some(2));
+    assert_eq!(mem_size_of(&[0x66, 0xff, 0xf0]), Some(4));
+}
-- 
cgit v1.1