>>> On 08.03.17 at 14:24, wrote:
> One observation however. It would probably be safer to poison the stub
> with 0xcc each time (especially if we have a path which omits the ret),
> instead of leaving partial instructions in place.
I too have been considering this.
Jan
___
On 08/03/17 13:02, Jan Beulich wrote:
> On 08.03.17 at 13:10, wrote:
>> v{,u}comis{s,d}, and vcvt{,t}s{s,d}2si are two-operand instructions, while
>> vzero{all,upper} take no operands, so require vex.reg set to ~0 to avoid
>> #UD.
>>
>> Spotted while fuzzing with AFL
>> Signed-off-by: Andrew C
>>> On 08.03.17 at 13:10, wrote:
> v{,u}comis{s,d}, and vcvt{,t}s{s,d}2si are two-operand instructions, while
> vzero{all,upper} take no operands, so require vex.reg set to ~0 to avoid
> #UD.
>
> Spotted while fuzzing with AFL
> Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
___
v{,u}comis{s,d}, and vcvt{,t}s{s,d}2si are two-operand instructions, while
vzero{all,upper} take no operands, so require vex.reg set to ~0 to avoid #UD.
Spotted while fuzzing with AFL
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
---
xen/arch/x86/x86_emulate/x86_emulate.c | 4 +++-
1 file ch
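The encoding rule the commit message states, as an added example that is not Xen's code: a small C decoder for the VEX prefix that reports the #UD case where VEX.vvvv (Xen's vex.reg, which holds the field inverted, so 0xf is ~0) is not ~0 for v{,u}comis{s,d}, vcvt{,t}s{s,d}2si and vzero{all,upper}. The struct and function names are mine; the opcode bytes and prefix layout are the architectural ones.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Decoded VEX prefix fields (hypothetical helper type, not Xen's struct). */
struct vex_info {
    uint8_t map;    /* opcode map: 1 = 0F, 2 = 0F38, 3 = 0F3A */
    uint8_t reg;    /* raw vvvv field, stored inverted: 0xf (~0) means "no register" */
    uint8_t l;      /* VEX.L: 0 = 128-bit, 1 = 256-bit */
    uint8_t pp;     /* implied legacy prefix: 0 = none, 1 = 66, 2 = F3, 3 = F2 */
    uint8_t opcode; /* opcode byte following the prefix */
};

/* Parse a 2-byte (C5 [R vvvv L pp]) or 3-byte (C4 [R X B mmmmm] [W vvvv L pp]) VEX
 * prefix plus its opcode byte. Returns bytes consumed, or 0 if not a VEX encoding. */
static size_t vex_decode(const uint8_t *p, size_t len, struct vex_info *v)
{
    size_t n = len < 3 ? 0 : p[0] == 0xc5 ? 3 : p[0] == 0xc4 ? 4 : 0;
    uint8_t pfx;
    if (n == 0 || len < n) return 0;
    v->map = n == 3 ? 1 : p[1] & 0x1f;   /* the 2-byte form implies map 0F */
    pfx = p[n - 2];                       /* the byte holding vvvv, L and pp */
    v->reg = (pfx >> 3) & 0xf;
    v->l = (pfx >> 2) & 1;
    v->pp = pfx & 3;
    v->opcode = p[n - 1];
    return n;
}

/* True when the instruction must #UD because VEX.vvvv is not ~0 for one of the opcodes
 * the patch covers: v{,u}comis{s,d}, vcvt{,t}s{s,d}2si, vzero{all,upper}. Anything
 * else returns false: this check does not apply (other decode errors are out of scope). */
bool vex_vvvv_raises_ud(const uint8_t *p, size_t len)
{
    struct vex_info v;
    if (!vex_decode(p, len, &v) || v.map != 1)
        return false;
    switch (v.opcode) {
    case 0x2c: case 0x2d:  /* vcvt{,t}s{s,d}2si: only the F3/F2 (pp = 2/3) forms exist */
        if (v.pp < 2) return false;
        break;
    case 0x2e: case 0x2f:  /* v{,u}comis{s,d}: no-prefix/66 (pp = 0/1) forms */
        if (v.pp > 1) return false;
        break;
    case 0x77:             /* vzeroupper (L = 0) / vzeroall (L = 1): no prefix */
        if (v.pp) return false;
        break;
    default: return false;
    }
    return v.reg != 0xf;   /* vvvv must be 1111b, i.e. vex.reg == ~0 */
}
```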