The cmpxchg8b opcode is only valid if the reg (nnn) field of the ModR/M byte is 001; otherwise a #UD exception should be generated. The attached patch fixes this.
Bernhard Kauer
Index: target-i386/translate.c
--- target-i386/translate.c 8 Nov 2007 14:25:03 -0000 1.74
+++ target-i386/translate.c 18 Dec 2007 12:14:08 -0000
@@ -3887,7 +3887,7 @@
 case 0x1c7: /* cmpxchg8b */
 modrm = ldub_code(s->pc++);
 mod = (modrm >> 6) & 3;
- if (mod == 3)
+ if ((mod == 3) || ((modrm & 0x38) != 0x8))
 goto illegal_op;
 gen_jmp_im(pc_start - s->cs_base);
 if (s->cc_op != CC_OP_DYNAMIC)
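Review bot: The added condition on the `+` line spells the /1 opcode-extension test as raw mask constants, `(modrm & 0x38) != 0x8`, which hides that it is simply comparing the ModR/M reg field with 1; the surrounding decoder presumably extracts that field as `(modrm >> 3) & 7`, and writing it the same way here would be consistent and self-explaining: `if (mod == 3 || ((modrm >> 3) & 7) != 1) /* 0F C7 /1 is the only defined cmpxchg8b form */`. The behaviour itself is right: other reg values of this opcode are undefined, so raising #UD instead of silently executing cmpxchg8b removes a guest-visible divergence from real hardware that matters for software relying on #UD delivery to detect unsupported encodings. The check is placed before `gen_jmp_im`, so a rejected encoding leaves no partially emitted translation state; that ordering is worth keeping if the line is touched again. The enclosing `switch` case continues past the end of the hunk.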