Triton incompatible with Capstone 5 release candidate

[jordan9001]

Trying to use Triton when built against the latest capstone pre-release (5.0-rc2) leads to inability to disassemble instructions even segfaults.

I get consistent NULL derefs with the following built using (5.0-rc2)

from triton import *

ctx = TritonContext(ARCH.X86_64)

# should be repne scasw
# capstone 4 sees this as repne scasd
data = bytes.fromhex("66 F2 AF")

ins = Instruction(0x40000, data)

ctx.disassembly(ins)

The crash is here, due to a NULL detail. The instruction's op_str and mnemonic do not look correct either. https://github.com/JonathanSalwan/Triton/blob/master/src/libtriton/arch/x86/x8664Cpu.cpp#L524

*inst = {
  id = 623,
  address = 262144,
  size = 3,
  bytes = "f\362\257", '\000' <repeats 13 times>, "repne sc",
  mnemonic = "asd", '\000' <repeats 21 times>, "eax, dwo",
  op_str = "rd ptr [rdi]", '\000' <repeats 146 times>, "@\034",
  detail = 0x0
}

If I get time later in the week I can look more into this, but I figured I would get an issue up first. It would be nice to be able to use the latest capstone, as it fixes some disassembling problems I am running into.

[JonathanSalwan]

Hi @jordan9001

I'm pretty sure Capstone 5.0-rc2 is working fine with the current Triton version. This is what I already have on my machine and we also made Github actions to test Capstone 4.0.2 as well as 5.0-rc2.

I've also tested your snippet and it works well:

>>> from triton import *
>>>
>>> ctx = TritonContext(ARCH.X86_64)
>>> data = bytes.fromhex("66 F2 AF")
>>> ins = Instruction(0x40000, data)
>>> ctx.disassembly(ins)
>>> 
>>> print(ins)
0x40000: repne scasw ax, word ptr [rdi]

Maybe you have different Capstone versions on your machine and the library used during your compile mismatches the library linked/used by libtriton.so?

[jordan9001]

Thank you! Sorry, I should have realized. That is exactly it. A little bit of cleaning up another install and some ldconfig later, and it works perfectly.