Closed jvoisin closed 2 years ago
Of course fuzzing it wouldn't hurt, more testing and more redundancy is always better :) However, this is a deliberate decision. ZydisEncoderEncodeInstructionAbsolute is a relatively thin wrapper around ZydisEncoderEncodeInstructionInternal (shared with ZydisEncoderEncodeInstruction). The majority of its logic (which might seem a bit intimidating at first) is actually triggered very rarely, only for control flow instructions with relative operands. That's a very tiny subset of the whole ISA, a few dozen variants out of ~7800. This observation led me to the conclusion that a small deterministic test suite can exhaustively test this function with great coverage, and that's exactly what ZydisTestEncoderAbsolute is doing. Another reason to prioritize regular tests is actually related to the same observation. Generic fuzzers struggle to find such narrow cases. This function would benefit from a slightly more guided fuzzer, which comes at the cost of extra time spent on implementation. Taking all of this into consideration, deterministic testing was heavily prioritized here.
While ZydisEncoderEncodeInstruction is covered, ZydisEncoderEncodeInstructionAbsolute isn't.