The mov instruction (with operational code C7) must be followed by a ModR/M byte with the Reg/Opcode field (bits 3 to 5) set to 0. Otherwise, it should generate an invalid instruction exception (illegal_op). See Intel 64 and IA-32 Architectures Software Developer's Manual Volume 2A: Instruction Set Reference, A-M. Order Number: 253666-049US February 2014. See "MOV—Move" in Chapter 3.
Signed-off-by: Xabier Ugarte-Pedrero <xabier.uga...@deusto.es> --- target-i386/translate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/target-i386/translate.c b/target-i386/translate.c index 733e5b2..d800ae3 100644 --- a/target-i386/translate.c +++ b/target-i386/translate.c @@ -5347,6 +5347,9 @@ static target_ulong disas_insn(CPUX86State *env, DisasContext *s, ot = mo_b_d(b, dflag); modrm = cpu_ldub_code(env, s->pc++); mod = (modrm >> 6) & 3; + if ((modrm >> 3) & 7){ + goto illegal_op; + } if (mod != 3) { s->rip_offset = insn_const_size(ot); gen_lea_modrm(env, s, modrm); -- 1.7.9.5
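Review bot: Style nit on the added lines: QEMU's coding style wants a space between the closing parenthesis and the opening brace, so `if ((modrm >> 3) & 7){` should read `if ((modrm >> 3) & 7) {`. The logic itself looks right for the stated goal: the Reg/Opcode field (bits 3 to 5) is tested immediately after the ModR/M byte is fetched and before `mod != 3` drives any memory-operand decoding, so a non-zero field reaches `illegal_op` without partially decoding the operand. Since the hunk header does not show the enclosing `case` label, it would help reviewers if the commit message or a one-line comment above the check stated that this path is the C7 opcode, so the `reg == 0` requirement from "MOV—Move" is visibly tied to that opcode alone.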