On 22/03/2017 21:01, Richard Henderson wrote:
>>
>> Ah, OK. Thanks for the explanation. Maybe we should check the size of
>> the instruction while decoding the prefixes and error out once we
>> exceed the limit. We would not generate any IR code.
>
> Yes.
>
> It would not enforce a true limit of 15 bytes, since you can't know that
> until you've done the rest of the decode. But you'd be able to say that
> no more than 14 prefix + 1 opc + 6 modrm+sib+ofs + 4 immediate = 25
> bytes is used.
>
> Which does fix the bug.
Yeah, that would work for 2.9 if somebody wants to put together a patch.

Ensuring that all instruction fetching happens before translation side
effects is a little harder, but perhaps it's also the opportunity to get
rid of s->rip_offset which is a little ugly.

Paolo
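The bound discussed above (at most 14 prefix bytes, so 14 + 1 + 6 + 4 = 25 bytes before any IR is generated) can be enforced by a side-effect-free prefix scan that runs before the rest of the decode. The following is an added illustration written for this page, not QEMU's decoder: the prefix table, the `scan_prefixes` and `check_prefix_run` helpers, and the sample byte sequences are all constructed here. It handles only the 32-bit legacy prefix set and reports a failure code instead of decoding further once the prefix run exceeds the limit, which is exactly the point at which a translator would refuse the instruction without touching translation state.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not QEMU code. The limits are the ones from the
 * thread: at most 14 prefix bytes, giving a loose 25-byte upper bound
 * (14 prefix + 1 opcode + 6 modrm/sib/disp + 4 immediate). */
#define MAX_PREFIXES 14
#define MAX_INSN_BOUND (MAX_PREFIXES + 1 + 6 + 4)   /* == 25 */

/* Legacy prefixes recognised by a 32-bit decoder. REX is only a prefix
 * in 64-bit mode and is deliberately left out of this illustration. */
static bool is_legacy_prefix(uint8_t b)
{
    switch (b) {
    case 0x26: case 0x2e: case 0x36: case 0x3e: /* ES/CS/SS/DS override */
    case 0x64: case 0x65:                       /* FS/GS override */
    case 0x66: case 0x67:                       /* operand/address size */
    case 0xf0: case 0xf2: case 0xf3:            /* LOCK, REPNE, REP */
        return true;
    default:
        return false;
    }
}

/* Scan the prefix run at the start of buf without decoding anything else.
 * Returns the number of prefix bytes (>= 0) if an opcode byte follows,
 * -1 if more than MAX_PREFIXES prefix bytes were seen (reject early),
 * -2 if the buffer ends before an opcode byte is reached. */
int scan_prefixes(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len && is_legacy_prefix(buf[i])) {
        i++;
        if (i > MAX_PREFIXES) {
            return -1;   /* bail out before any translation side effect */
        }
    }
    if (i == len) {
        return -2;       /* no opcode byte available in the fetch window */
    }
    return (int)i;
}

/* Upper bound on the whole instruction once the prefix count is known;
 * with the maximum prefix run this is the 25 bytes quoted in the thread. */
int max_insn_bytes(int nprefix)
{
    return nprefix + 1 + 6 + 4;
}

/* Constructed sample: n operand-size prefixes (0x66) followed by NOP (0x90).
 * Returns the scan_prefixes result, or -3 if n does not fit the buffer. */
int check_prefix_run(size_t n)
{
    uint8_t buf[32];
    if (n + 1 > sizeof buf) {
        return -3;
    }
    memset(buf, 0x66, n);
    buf[n] = 0x90;
    return scan_prefixes(buf, n + 1);
}

int main(void)
{
    printf("2 prefixes + NOP  -> %d\n", check_prefix_run(2));   /* 2  */
    printf("14 prefixes + NOP -> %d\n", check_prefix_run(14));  /* 14 */
    printf("15 prefixes + NOP -> %d\n", check_prefix_run(15));  /* -1 */
    printf("bound at 14 prefixes: %d bytes\n", max_insn_bytes(MAX_PREFIXES));
    return 0;
}
```

The scan reads bytes only, so rejecting at the 15th prefix leaves no partially emitted IR behind; the remaining decode (opcode, modrm/sib, immediate) still has to be fetched separately, which is why this gives the loose 25-byte bound rather than the architectural 15-byte one.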