From 110f797005cca70e18cbcc0975397d26d8045245 Mon Sep 17 00:00:00 2001
From: iximeow <me@iximeow.net>
Date: Sat, 16 Dec 2023 13:26:48 -0800
Subject: fix opportunity for unhandled register synonyms

registers `al`, `cl`, `dl`, and `bl` could have two different
representations - with `rex.w` and without. these two forms of `RegSpec`
would not compare equal, nor has the same, so for code relying on
`RegSpec` to faithfully represent a 1-1 mapping to x86 registers, these
synonyms would introduce bugs in register analysis.

for example, in `yaxpeax-core`, this would result in instructions
writing to `rex.w al` not being visible as definitions for a future
read of `!rex.w al`.

fix this in `x86_64` code, add new test cases about the confusion,
adjust register names to make this situation more clearly a bug, and
introduce two new fuzz targets that would have helped spot this error.
---
 .../does_not_decode_invalid_registers.rs           | 30 ++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 fuzz/fuzz_targets/does_not_decode_invalid_registers.rs

(limited to 'fuzz/fuzz_targets/does_not_decode_invalid_registers.rs')

diff --git a/fuzz/fuzz_targets/does_not_decode_invalid_registers.rs b/fuzz/fuzz_targets/does_not_decode_invalid_registers.rs
new file mode 100644
index 0000000..0f32f73
--- /dev/null
+++ b/fuzz/fuzz_targets/does_not_decode_invalid_registers.rs
@@ -0,0 +1,30 @@
+//! instruction text should never include the word BUG - this is a symptom of selecting an invalid
+//! RegSpec while disassembling.
+
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate yaxpeax_x86;
+
+fuzz_target!(|data: &[u8]| {
+    let x86_64_decoder = yaxpeax_x86::long_mode::InstDecoder::default();
+    let x86_32_decoder = yaxpeax_x86::protected_mode::InstDecoder::default();
+    let x86_16_decoder = yaxpeax_x86::real_mode::InstDecoder::default();
+
+    if let Ok(inst) = x86_64_decoder.decode_slice(data) {
+        let mut res = String::new();
+        inst.write_to(&mut res).expect("format does not panic");
+        assert!(!res.contains("BUG"));
+    };
+
+    if let Ok(inst) = x86_32_decoder.decode_slice(data) {
+        let mut res = String::new();
+        inst.write_to(&mut res).expect("format does not panic");
+        assert!(!res.contains("BUG"));
+    };
+
+    if let Ok(inst) = x86_16_decoder.decode_slice(data) {
+        let mut res = String::new();
+        inst.write_to(&mut res).expect("format does not panic");
+        assert!(!res.contains("BUG"));
+    };
+});
-- 
cgit v1.1