Sign extends x86 AND operand (capstone bug) (#852)

* Sign extends x86 AND operand (capstone bug) Fixes #560 * Regression test for X86 AND with sign extension For issue #560
2018-04-24 12:32:18 +02:00 · 2018-04-24 12:32:18 +02:00 · fb3c01fe1c
commit fb3c01fe1c
parent 4a98110f4a
2 changed files with 43 additions and 1 deletions
--- a/manticore/core/cpu/x86.py
+++ b/manticore/core/cpu/x86.py
@ -889,7 +889,13 @@ class X86Cpu(Cpu):
        :param dest: destination operand.
        :param src: source operand.
        '''
-        res = dest.write(dest.read() & src.read())
+        # XXX bypass a capstone bug that incorrectly extends and computes operands sizes
+        # the bug has been fixed since capstone 4.0.alpha2 (commit de8dd26)
+        if src.size == 64 and src.type == 'immediate' and dest.size == 64:
+            arg1 = Operators.SEXTEND(src.read(), 32, 64)
+        else:
+            arg1 = src.read()
+        res = dest.write(dest.read() & arg1)
        # Defined Flags: szp
        cpu._calculate_logic_flags(dest.size, res)

--- a/tests/test_cpu_manual.py
+++ b/tests/test_cpu_manual.py
@ -711,6 +711,42 @@ class SymCPUTest(unittest.TestCase):

        self.assertTrue(solver.check(cs))

+    # regression test for issue #560
+    def test_AND_1(self):
+        ''' Instruction AND
+            Groups:
+            0x7ffff7de390a:	and rax, 0xfc000000
+        '''
+        mem = Memory64()
+        cpu = AMD64Cpu(mem)
+        mem.mmap(0x7ffff7de3000, 0x1000, 'rwx')
+        mem[0x7ffff7de390a] = '\x48'
+        mem[0x7ffff7de390b] = '\x25'
+        mem[0x7ffff7de390c] = '\x00'
+        mem[0x7ffff7de390d] = '\x00'
+        mem[0x7ffff7de390e] = '\x00'
+        mem[0x7ffff7de390f] = '\xfc'
+        cpu.PF = True
+        cpu.RAX = 0x7ffff7ff7658
+        cpu.OF = False
+        cpu.ZF = False
+        cpu.CF = False
+        cpu.RIP = 0x7ffff7de390a
+        cpu.SF = False
+        cpu.execute()
+        self.assertEqual(mem[0x7ffff7de390a], '\x48')
+        self.assertEqual(mem[0x7ffff7de390b], '\x25')
+        self.assertEqual(mem[0x7ffff7de390c], '\x00')
+        self.assertEqual(mem[0x7ffff7de390d], '\x00')
+        self.assertEqual(mem[0x7ffff7de390e], '\x00')
+        self.assertEqual(mem[0x7ffff7de390f], '\xfc')
+        self.assertEqual(cpu.PF, True)
+        self.assertEqual(cpu.RAX, 0x7ffff4000000)
+        self.assertEqual(cpu.OF, False)
+        self.assertEqual(cpu.ZF, False)
+        self.assertEqual(cpu.CF, False)
+        self.assertEqual(cpu.RIP, 0x7ffff7de3910)
+        self.assertEqual(cpu.SF, False)

    def test_CMPXCHG8B_symbolic(self):
        '''CMPXCHG8B'''