Open dougkwan opened 15 hours ago
I adapted the 64-bit to fix the 32-bit case and it seems to be okay:
--- a/xed/src/dec/xed-agen.c 2023-10-16 11:59:57.000000000 +0000
+++ b/xed/src/dec/xed-agen.c 2024-10-17 22:50:17.403914144 +0000
@@ -128,10 +128,17 @@
}
else if (addr_width == 32) {
xed_uint32_t base32 = base_value;
- xed_uint32_t index32 = index_value;
xed_uint32_t disp32 = XED_STATIC_CAST(xed_uint32_t, displacement);
- xed_uint32_t ea32 = base32 + index32 * scale + disp32;
- xed_uint32_t lin32 = segment_base + ea32;
+ xed_uint32_t lin32 = 0;
+ if (base_reg == XED_REG_EIP) {
+ xed_uint32_t inst_len = xed_decoded_inst_get_length(xedd);
+ lin32 = base32 + inst_len + displacement;
+ }
+ else {
+ xed_uint32_t index32 = index_value;
+ xed_uint32_t ea32 = base32 + index32 * scale + disp32;
+ lin32 = segment_base + ea32;
+ }
out = lin32;
// FIXME: big real mode!
}
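Review bot: the new EIP branch drops `segment_base`: the else path still computes `lin32 = segment_base + ea32`, but the EIP path assigns `lin32 = base32 + inst_len + displacement`, so a non-zero 32-bit segment base is applied for every base register except EIP. Unless skipping it is intentional, make the two paths consistent, e.g. `lin32 = segment_base + base32 + inst_len + disp32;`, which also reuses the already-truncated `disp32` instead of adding the wider `displacement` and relying on the implicit narrowing on assignment.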
xed_agen() uses the address of the instruction instead of the one after the instruction in eip-relative addresses. There was a similar bug for the 64-bit case with rip. It appears that the previous bug fix missed the 32-bit case. The following program reproduces the bug.
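To make the off-by-instruction-length error concrete, here is a small stand-alone model of the 32-bit address-generation branch, written for this discussion rather than taken from XED or from the issue author. It replaces XED's register enum with a `base_is_eip` flag, assumes (as the patch does) that `base_value` for EIP is the address of the start of the instruction, and assumes the segment base is applied on the EIP path just as on the non-EIP path; all other names and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of xed_agen()'s 32-bit branch; not XED's own code. */
typedef struct {
    bool     base_is_eip;   /* operand uses EIP-relative addressing */
    uint32_t base_value;    /* base register value (for EIP: start of the instruction) */
    uint32_t index_value;
    uint32_t scale;
    int64_t  displacement;  /* signed displacement as decoded */
    uint32_t segment_base;
    uint32_t inst_len;      /* decoded instruction length in bytes */
} agen32_input_t;

/* Behaviour before the patch: EIP is treated like any other base register,
 * so the displacement is added to the START of the instruction. */
static uint32_t agen32_buggy(const agen32_input_t *in)
{
    uint32_t disp32 = (uint32_t)in->displacement;            /* wraps modulo 2^32 */
    uint32_t ea32   = in->base_value + in->index_value * in->scale + disp32;
    return in->segment_base + ea32;
}

/* Behaviour the patch intends: an EIP-relative displacement is relative to
 * the NEXT instruction (start + length). All arithmetic is uint32_t, so the
 * result wraps at 4 GiB like the hardware does. Applying segment_base here
 * is an assumption for consistency with the non-EIP path. */
static uint32_t agen32_fixed(const agen32_input_t *in)
{
    uint32_t disp32 = (uint32_t)in->displacement;
    uint32_t ea32;
    if (in->base_is_eip) {
        ea32 = in->base_value + in->inst_len + disp32;        /* no index/scale for EIP-relative */
    } else {
        ea32 = in->base_value + in->index_value * in->scale + disp32;
    }
    return in->segment_base + ea32;
}

/* Constructed sample: a 6-byte EIP-relative instruction at 0x00401000
 * with displacement -0x10. Correct target is 0x00401006 - 0x10 = 0x00400FF6;
 * the buggy path yields 0x00400FF0, short by the instruction length. */
static agen32_input_t sample_eip_relative(void)
{
    agen32_input_t in = {0};
    in.base_is_eip  = true;
    in.base_value   = 0x00401000u;
    in.displacement = -0x10;
    in.inst_len     = 6;
    return in;
}

/* Constructed sample near the top of the 32-bit address space to show the
 * wraparound: 0xFFFFFFF0 + 6 + 0x20 = 0x1_0000_0016, truncated to 0x00000016. */
static agen32_input_t sample_eip_wraparound(void)
{
    agen32_input_t in = {0};
    in.base_is_eip  = true;
    in.base_value   = 0xFFFFFFF0u;
    in.displacement = 0x20;
    in.inst_len     = 6;
    return in;
}

int main(void)
{
    agen32_input_t a = sample_eip_relative();
    agen32_input_t b = sample_eip_wraparound();
    printf("eip-relative  buggy=0x%08x fixed=0x%08x\n", agen32_buggy(&a), agen32_fixed(&a));
    printf("wraparound    buggy=0x%08x fixed=0x%08x\n", agen32_buggy(&b), agen32_fixed(&b));
    return 0;
}
```

The two results always differ by exactly `inst_len`, which is the signature of this class of bug: a decoder that resolves EIP-relative memory operands this way points every such access a few bytes before the real location, and any analysis built on it (disassembly cross-references, emulation, memory-access tracing) silently inherits the error.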