blob: eedacd67a93a1b9b6a970474e8eed7bc72a08237 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
semantic: 0.658
device: 0.057
other: 0.049
graphic: 0.039
debug: 0.037
vnc: 0.027
permissions: 0.024
boot: 0.020
performance: 0.017
PID: 0.017
files: 0.017
socket: 0.015
network: 0.014
KVM: 0.008
semantic: 0.837
debug: 0.071
other: 0.019
files: 0.016
performance: 0.013
PID: 0.008
device: 0.007
KVM: 0.005
network: 0.005
graphic: 0.004
permissions: 0.004
boot: 0.004
socket: 0.004
vnc: 0.002
x86 ADOX and ADCX semantic bug
Description of problem
The result of instruction ADOX and ADCX are different from the CPU. The value of one of EFLAGS is different.
Steps to reproduce
Compile this code
void main() {
asm("push 512; popfq;");
asm("mov rax, 0xffffffff84fdbf24");
asm("mov rbx, 0xb197d26043bec15d");
asm("adox eax, ebx");
}
Execute and compare the result with the CPU. This problem happens with ADCX, too (with CF).
CPU
OF = 0
QEMU
OF = 1
Additional information
This bug is discovered by research conducted by KAIST SoftSec.
|