capstone-engine / capstone

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
http://www.capstone-engine.org

sparcv9 radare2/capstone #426

Closed zonkzonk closed 9 years ago

zonkzonk commented 9 years ago

Hi,

in revision d5a8e9dafe81990091ff648f23ffe92c67e34bb8

the following bug happens in sparc code with radare2:

https://github.com/radare/radare2/issues/3008

Greetings --zlul

aquynh commented 9 years ago

can you provide the input (in hexcode format) triggering the problem? the link above looks confused to me.

thanks.

zonkzonk commented 9 years ago

see updated issue. I don't know exactly what input bytes trigger this, but you can look at bt full output. I can also provide valgrind output.

Greetings --zlul

aquynh commented 9 years ago

i looked at that, but it is still not clear what causes the issue.

i can fix this very quickly if you can give me the input (best in hexcode form), so please narrow down on what input triggers this segfault.

thanks.

zonkzonk commented 9 years ago

did an additional strace -Divx. Though I did not find the exact input trigger.

radare commented 9 years ago

Which version of capstone are you using? The one shipped with r2-git, or using the system one from the last release?

I cannot reproduce your issue with r2.

On 28 Jul 2015, at 00:51, zonkzonk notifications@github.com wrote:

did an additional strace -Divx. Though I did not find the exact input trigger.

— Reply to this email directly or view it on GitHub.

zonkzonk commented 9 years ago

capstone version from r2-git: d5a8e9dafe81990091ff648f23ffe92c67e34bb8

radare commented 9 years ago

I have reproduced and tested the issue. It happens with and without detail, also with and without the v9 bit set. The crashing bytes are BB 70 00 00. You can reproduce this by building r2 with ASAN or running it with valgrind:

$ rasm2 -a sparc -b 32 -d bb700000

aquynh commented 9 years ago

what is the expected output here?

thanks.

radare commented 9 years ago

I guess it's an invalid instruction, but the problem is that it is segfaulting.

On 28 Jul 2015, at 04:06, Nguyen Anh Quynh notifications@github.com wrote:

what is the expected output here?

thanks.


aquynh commented 9 years ago

confirmed. this bug comes from LLVM itself.

will see how to fix this, thanks.

radare commented 9 years ago

thanks!

On 28 Jul 2015, at 12:18, Nguyen Anh Quynh notifications@github.com wrote:

confirmed. this bug comes from LLVM itself.

will see how to fix this, thanks.


radare commented 9 years ago

any updates on this?

aquynh commented 9 years ago

I can fix this issue now, but it will take a few days to integrate with the code properly. Will commit the fix in a few days.

On Aug 8, 2015 9:33 AM, "radare" notifications@github.com wrote:

any updates on this?


aquynh commented 9 years ago

the right output is popc %g0, %i5

fixed in the "next" branch now. will fix it in "master" branch later.

thanks.
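As an added illustration (not code from this thread or from Capstone), here is a minimal decoder for the SPARC format-3 instruction word, showing why the bytes BB 70 00 00 disassemble to popc %g0, %i5. The op3 table and the rule that popc must have rs1 == 0 are assumptions taken from the SPARC V9 encoding; unrecognized or malformed encodings come back as descriptive text instead of raising, which is the behaviour a disassembler needs when fed arbitrary bytes.

```python
import struct

# The 32 SPARC integer registers in hardware order: %g0-7, %o0-7, %l0-7, %i0-7.
REG_NAMES = [f"%{bank}{n}" for bank in "goli" for n in range(8)]

# Subset of format-3 op3 codes (assumption: values from the SPARC V9 manual).
OP3 = {0x00: "add", 0x01: "and", 0x02: "or", 0x03: "xor", 0x04: "sub", 0x2E: "popc"}


def decode_sparc_word(word: int) -> str:
    """Decode one 32-bit SPARC instruction word (format 3 only).

    Never raises on bad input: anything this decoder does not understand
    is reported as text, so a caller can keep going over untrusted bytes.
    """
    op = word >> 30                      # bits 31:30 select the format
    if op != 2:
        return f"unsupported format (op={op})"
    rd = (word >> 25) & 0x1F             # bits 29:25 destination register
    op3 = (word >> 19) & 0x3F            # bits 24:19 operation
    rs1 = (word >> 14) & 0x1F            # bits 18:14 first source register
    use_imm = (word >> 13) & 1           # bit 13: rs2 register or simm13
    mnemonic = OP3.get(op3)
    if mnemonic is None:
        return f"unknown op3=0x{op3:02x}"
    if use_imm:
        simm13 = word & 0x1FFF
        if simm13 & 0x1000:              # sign-extend the 13-bit immediate
            simm13 -= 0x2000
        src2 = str(simm13)
    else:
        src2 = REG_NAMES[word & 0x1F]    # bits 4:0 second source register
    if mnemonic == "popc":
        # V9 reserves rs1 for popc; a non-zero rs1 is an illegal encoding.
        if rs1 != 0:
            return "illegal popc encoding (rs1 != 0)"
        return f"popc {src2}, {REG_NAMES[rd]}"
    return f"{mnemonic} {REG_NAMES[rs1]}, {src2}, {REG_NAMES[rd]}"


def disasm_bytes(data: bytes) -> list[str]:
    """Decode a big-endian byte string one 4-byte word at a time.

    A trailing partial word is ignored rather than treated as an error.
    """
    whole = len(data) - len(data) % 4
    return [decode_sparc_word(w) for (w,) in struct.iter_unpack(">I", data[:whole])]


if __name__ == "__main__":
    # The bytes from the report above, constructed here as the sample input.
    for line in disasm_bytes(bytes.fromhex("bb700000")):
        print(line)
```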

radare commented 9 years ago

thanks

aquynh commented 9 years ago

fixed in the "master" branch, too.