capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
http://www.capstone-engine.org

Disassembly Error, capstone failed to handle some long multi-byte NOPs in x86 #2550

Open Mar3yZhang opened 11 hours ago

Mar3yZhang commented 11 hours ago

Work environment

| Questions | Answers |
| --- | --- |
| OS/arch/bits | x86_64 Ubuntu 20.04 |
| Architecture | x86_64 |
| Source of Capstone | git clone, default on next branch. |
| Version/git commit | v6.0.0, d7be5f9 |

Instruction bytes giving faulty results

0x0f 0x1a 0xde

Expected results

It should be:

nop esi, ebx

Steps to get the wrong result

With cstool:

$ ./cstool -d x64 "0x0f 0x1a 0xde"
ERROR: invalid assembly code

$ ./cstool -d x64 "0xf0 0x1d 0xee" 
ERROR: invalid assembly code

$ ./cstool -d x64 "0x0f 0x1f 0x00"
 0  0f 1f 00                                         nop        dword ptr [rax]
        ID: 510 (nop)
        Prefix:0x00 0x00 0x00 0x00
        Opcode:0x0f 0x1f 0x00 0x00
        rex: 0x0
        addr_size: 8
        modrm: 0x0
        disp: 0x0
        sib: 0x0
        op_count: 1
                operands[0].type: MEM
                        operands[0].mem.base: REG = rax
                operands[0].size: 4
                operands[0].access: READ
        Registers read: rax

Additional Logs, screenshots, source code, configuration dump, ...

x86 (and x86_64) processors have single-byte NOP instructions and various multi-byte NOP-like instructions. Real-world compilers sometimes use multi-byte NOPs for code alignment and performance optimization purposes. Capstone seems to fail when encountering unusual multi-byte NOPs. Other x86 instruction decoders like Zydis, ICED, and XED can translate the byte sequence "0x0f 0x1a 0xde" into NOP.
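To make the report above re-checkable against any Capstone build, here is an added example; it is not part of the issue and not Capstone's own code. It enumerates the register-direct forms of the reserved-NOP opcodes 0F 19 through 0F 1F, decodes each with a small reference decoder written for this example, and, when the capstone Python bindings are installed, lists the encodings Capstone refuses. Assumptions: 64-bit mode with no prefixes or REX, and that every unprefixed 0F 19..0F 1F /r form is NOP r/m32, r32 (the reading the reporter attributes to XED, Zydis and iced for 0F 1A DE). The names NopForm, decode_reserved_nop, register_forms, capstone_mnemonic and find_rejected_by_capstone are this example's own.

```python
"""Added example (not Capstone project code): enumerate the x86 reserved-NOP
opcode space 0F 19..0F 1F /r, decode each form with a reference decoder, and
report which encodings an installed Capstone rejects."""
from dataclasses import dataclass
from typing import List, Optional

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
RESERVED_NOP_OPCODES = range(0x19, 0x20)  # second byte after the 0F escape


@dataclass
class NopForm:
    opcode: int   # second opcode byte, 0x19..0x1F
    reg: str      # 32-bit register chosen by ModRM.reg
    rm: str       # register or "dword ptr [...]" chosen by ModRM.rm (+SIB/disp)
    length: int   # bytes consumed


def _format_mem(base: Optional[str], index: Optional[str], scale: int, disp: int) -> str:
    """Intel-style memory operand text; disp is shown when non-zero or alone."""
    text = base or ""
    if index:
        text += (" + " if text else "") + f"{index}*{scale}"
    if disp or not text:
        if not text:
            text = f"0x{disp & 0xFFFFFFFF:x}"
        elif disp < 0:
            text += f" - 0x{-disp:x}"
        else:
            text += f" + 0x{disp:x}"
    return f"dword ptr [{text}]"


def decode_reserved_nop(code: bytes) -> Optional[NopForm]:
    """Reference decoder for 64-bit mode without prefixes or REX.
    Assumption: every 0F 19..0F 1F /r form is NOP r/m32, r32.
    Returns None when the bytes are not such a form or are truncated."""
    if len(code) < 3 or code[0] != 0x0F or code[1] not in RESERVED_NOP_OPCODES:
        return None
    modrm = code[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    pos = 3
    if mod == 3:                                   # register-direct form
        return NopForm(code[1], REG32[reg], REG32[rm], pos)
    base = index = None
    scale = 1
    disp_size = {0: 0, 1: 1, 2: 4}[mod]
    if rm == 4:                                    # SIB byte follows ModRM
        if pos >= len(code):
            return None
        sib = code[pos]
        pos += 1
        scale = 1 << (sib >> 6)
        idx, b = (sib >> 3) & 7, sib & 7
        index = None if idx == 4 else REG64[idx]   # index field 100 = no index
        if b == 5 and mod == 0:
            disp_size = 4                          # base 101 with mod 00: disp32, no base
        else:
            base = REG64[b]
    elif rm == 5 and mod == 0:
        base, disp_size = "rip", 4                 # RIP-relative in 64-bit mode
    else:
        base = REG64[rm]
    if pos + disp_size > len(code):
        return None                                # displacement missing
    disp = int.from_bytes(code[pos:pos + disp_size], "little", signed=True) if disp_size else 0
    pos += disp_size
    return NopForm(code[1], REG32[reg], _format_mem(base, index, scale, disp), pos)


def register_forms() -> List[bytes]:
    """All 7 * 64 register-direct (mod = 11) forms of 0F 19..0F 1F."""
    return [bytes([0x0F, op, 0xC0 | m]) for op in RESERVED_NOP_OPCODES for m in range(64)]


def capstone_mnemonic(code: bytes) -> Optional[str]:
    """Mnemonic the capstone Python bindings (64-bit mode) give for `code`, or
    None if they refuse it or consume fewer bytes.  Raises ImportError if the
    bindings are not installed."""
    from capstone import Cs, CS_ARCH_X86, CS_MODE_64
    insns = list(Cs(CS_ARCH_X86, CS_MODE_64).disasm(code, 0))
    return insns[0].mnemonic if insns and insns[0].size == len(code) else None


def find_rejected_by_capstone(forms: List[bytes]) -> List[bytes]:
    """Forms the installed Capstone does not decode as a single nop."""
    return [c for c in forms if capstone_mnemonic(c) != "nop"]


if __name__ == "__main__":
    for code in (bytes.fromhex("0f1ade"), bytes.fromhex("0f1f00")):  # bytes from the report
        print(code.hex(" "), "->", decode_reserved_nop(code))
    try:
        rejected = find_rejected_by_capstone(register_forms())
    except ImportError:
        print("capstone python bindings not installed; reference decode only")
    else:
        print(f"{len(rejected)} of {7 * 64} register forms rejected by Capstone")
        for code in rejected[:10]:
            print("  ", code.hex(" "), "expected", decode_reserved_nop(code))
```

The scan is deliberately limited to the register-direct forms: the unprefixed memory forms of 0F 1A and 0F 1B are BNDLDX/BNDSTX to an MPX-aware decoder, and prefixed encodings in this range (for example F3 0F 1E FA, endbr64) are not NOPs at all, so a failure there would not be the bug this issue is about. The reference decoder prints both operands for every form, whereas cstool shows the documented 0F 1F /0 form with a single operand; the comparison therefore keys on whether Capstone produces a nop at all, not on operand text.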

Rot127 commented 11 hours ago

fyi: https://github.com/capstone-engine/capstone/discussions/2505

Mar3yZhang commented 11 hours ago

> fyi: #2505

Thank you for your prompt reply!