blob: 7919bf6cc24ddb49d2ff3b20c2cf5c2f7fb3cce9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
semantic: 0.990
graphic: 0.782
device: 0.776
debug: 0.706
vnc: 0.663
boot: 0.599
socket: 0.556
permissions: 0.500
performance: 0.460
network: 0.426
files: 0.374
PID: 0.343
other: 0.286
KVM: 0.240
semantic: 0.984
debug: 0.322
other: 0.031
files: 0.023
performance: 0.015
PID: 0.007
device: 0.005
KVM: 0.003
network: 0.002
boot: 0.002
graphic: 0.002
permissions: 0.002
socket: 0.002
vnc: 0.001
x86 ADOX and ADCX semantic bug
Description of problem
The result of instruction ADOX and ADCX are different from the CPU. The value of one of EFLAGS is different.
Steps to reproduce
Compile this code
void main() {
asm("push 512; popfq;");
asm("mov rax, 0xffffffff84fdbf24");
asm("mov rbx, 0xb197d26043bec15d");
asm("adox eax, ebx");
}
Execute and compare the result with the CPU. This problem happens with ADCX, too (with CF).
CPU
OF = 0
QEMU
OF = 1
Additional information
This bug is discovered by research conducted by KAIST SoftSec.
|