| Field | Value |
| --- | --- |
| Issue | 95232 |
| Summary | [Clang] Allows incorrect memory size directive. |
| Labels | clang |
| Assignees | |
| Reporter | witbring |

I discovered that the latest Clang improperly checks memory size directives.
## Case 1
I discovered that the latest Clang disallows valid memory size directives but allows invalid memory size directives.
Specifically, when I used the valid memory size directive "QWORD PTR" for the clrssbsy and rstorssp instructions, Clang emitted an error message.
However, Clang accepted the invalid directive "DWORD PTR".
Buggy code
```
.intel_syntax noprefix
Bug:
clrssbsy DWORD PTR [RAX]
//Assembly Error
//clrssbsy QWORD PTR [RAX]
rstorssp DWORD PTR [RAX]
//Assembly Error
//rstorssp QWORD PTR [EAX]
```
Compiled Code
```
Bug:
clrssbsy QWORD PTR [rax]
```
You can reproduce it through Godbolt:
- x64: https://godbolt.org/z/sx3488hqe
- x86: https://godbolt.org/z/vbecf5dPG
## Case 2
I discovered that the latest Clang does not check memory size directives.
This error has been identified in 41 opcodes in x64 and 21 opcodes in x86.
Buggy Code (x64)
```
.intel_syntax noprefix
Bug:
aesencwide128kl ZMMWORD PTR [RAX]
aesencwide256kl ZMMWORD PTR [RAX]
aesdecwide128kl ZMMWORD PTR [RAX]
aesdecwide256kl ZMMWORD PTR [RAX]
call ZMMWORD PTR [RAX]
call WORD PTR [RAX]
jmp ZMMWORD PTR [RAX]
jmp WORD PTR [RAX]
fldenv ZMMWORD PTR [RAX]
fnsave ZMMWORD PTR [RAX]
frstor ZMMWORD PTR [RAX]
fxsave ZMMWORD PTR [RAX]
fnstenv ZMMWORD PTR [RAX]
fxrstor ZMMWORD PTR [RAX]
fxsave64 ZMMWORD PTR [RAX]
fxrstor64 ZMMWORD PTR [RAX]
ldtilecfg ZMMWORD PTR [RAX]
lgdt ZMMWORD PTR [RAX]
lidt ZMMWORD PTR [RAX]
sgdt ZMMWORD PTR [RAX]
sttilecfg ZMMWORD PTR [RAX]
xsave ZMMWORD PTR [RAX]
xrstor ZMMWORD PTR [RAX]
xsavec ZMMWORD PTR [RAX]
xsaves ZMMWORD PTR [RAX]
xrstors ZMMWORD PTR [RAX]
xsave64 ZMMWORD PTR [RAX]
xrstor64 ZMMWORD PTR [RAX]
xsavec64 ZMMWORD PTR [RAX]
xsaveopt ZMMWORD PTR [RAX]
xsaves64 ZMMWORD PTR [RAX]
xrstors64 ZMMWORD PTR [RAX]
xsaveopt64 ZMMWORD PTR [RAX]
```
Compiled Code (x64)
```
Bug:
aesencwide128kl [rax]
aesencwide256kl [rax]
aesdecwide128kl [rax]
aesdecwide256kl [rax]
call FWORD PTR [rax]
call FWORD PTR [rax]
jmp FWORD PTR [rax]
jmp FWORD PTR [rax]
fldenv [rax]
fnsave [rax]
frstor [rax]
fxsave [rax]
fnstenv [rax]
fxrstor [rax]
fxsave64 [rax]
fxrstor64 [rax]
ldtilecfg [rax]
lgdt [rax]
lidt [rax]
sgdt [rax]
sttilecfg [rax]
xsave [rax]
xrstor [rax]
xsavec [rax]
xsaves [rax]
xrstors [rax]
xsave64 [rax]
xrstor64 [rax]
xsavec64 [rax]
xsaveopt [rax]
xsaves64 [rax]
xrstors64 [rax]
xsaveopt64 [rax]
```
Buggy Code (x86)
```
.intel_syntax noprefix
Bug:
aesencwide128kl ZMMWORD PTR [EAX]
aesencwide256kl ZMMWORD PTR [EAX]
aesdecwide128kl ZMMWORD PTR [EAX]
aesdecwide256kl ZMMWORD PTR [EAX]
call ZMMWORD PTR [EAX]
call WORD PTR [EAX]
jmp ZMMWORD PTR [EAX]
jmp WORD PTR [EAX]
fldenv ZMMWORD PTR [EAX]
fnsave ZMMWORD PTR [EAX]
frstor ZMMWORD PTR [EAX]
fxsave ZMMWORD PTR [EAX]
fnstenv ZMMWORD PTR [EAX]
fxrstor ZMMWORD PTR [EAX]
lgdt ZMMWORD PTR [EAX]
lidt ZMMWORD PTR [EAX]
sgdt ZMMWORD PTR [EAX]
xsave ZMMWORD PTR [EAX]
xrstor ZMMWORD PTR [EAX]
xsavec ZMMWORD PTR [EAX]
xsaves ZMMWORD PTR [EAX]
xrstors ZMMWORD PTR [EAX]
xsaveopt ZMMWORD PTR [EAX]
```
Compiled Code (x86)
```
Bug:
aesencwide128kl [eax]
aesencwide256kl [eax]
aesdecwide128kl [eax]
aesdecwide256kl [eax]
call FWORD PTR [eax]
call WORD PTR [eax]
jmp FWORD PTR [eax]
jmp WORD PTR [eax]
fldenv [eax]
fnsave [eax]
frstor [eax]
fxsave [eax]
fnstenv [eax]
fxrstor [eax]
lgdtd [eax]
lidtd [eax]
sgdtd [eax]
xsave [eax]
xrstor [eax]
xsavec [eax]
xsaves [eax]
xrstors [eax]
xsaveopt [eax]
```
You can reproduce the bugs through the Godbolt site:
- x64: https://godbolt.org/z/EvosqvGhr
- x86: https://godbolt.org/z/4cYbsbGfG
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
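
One way to catch both cases from the report in a build or review step, as an added example that is not part of the original report or of LLVM: the script compares the size directive written in Intel-syntax source with the one in the round-tripped disassembly and reports every directive that was changed or dropped. The sample listings reuse lines from the report plus one constructed `mov` control line; the function names are hypothetical.

```python
import re

# Matches Intel-syntax size keywords such as DWORD, QWORD, FWORD, ZMMWORD.
SIZE_RE = re.compile(r"\b([A-Za-z]*(?:BYTE|WORD))\s+PTR\b", re.IGNORECASE)

def parse(listing):
    """Return [(mnemonic, size_directive_or_None)] for each instruction line."""
    out = []
    for raw in listing.splitlines():
        line = raw.split("//")[0].strip()       # drop // comments, as in the report
        if not line or line.startswith(".") or line.endswith(":"):
            continue                             # skip directives and labels
        m = SIZE_RE.search(line)
        out.append((line.split()[0].lower(), m.group(1).upper() if m else None))
    return out

def directive_mismatches(source, disassembly):
    """Pair instructions in order; report written directives that the
    assemble/disassemble round trip changed or dropped."""
    src, dis = parse(source), parse(disassembly)
    if len(src) != len(dis):
        raise ValueError("listings do not contain the same number of instructions")
    # Mnemonics are not compared: the x86 listing shows lgdt printed as lgdtd.
    return [(mn, written, seen)
            for (mn, written), (_, seen) in zip(src, dis)
            if written is not None and written != seen]

# Lines taken from the report, plus one constructed mov line as a control.
SOURCE = """\
.intel_syntax noprefix
Bug:
clrssbsy DWORD PTR [RAX]
//Assembly Error
//clrssbsy QWORD PTR [RAX]
call WORD PTR [RAX]
fxsave ZMMWORD PTR [RAX]
mov DWORD PTR [RAX], 1
"""
DISASSEMBLY = """\
Bug:
clrssbsy QWORD PTR [rax]
call FWORD PTR [rax]
fxsave [rax]
mov DWORD PTR [rax], 1
"""

if __name__ == "__main__":
    for mn, written, seen in directive_mismatches(SOURCE, DISASSEMBLY):
        print(f"{mn}: wrote {written} PTR, assembler produced {seen or 'no directive'}")
```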