[X86] Disassembly Error, over-decode invalid instruction with mutual exclusive prefix

[Mar3yZhang]

Work environment

Questions	Answers
OS/arch/bits	x86_64 Ubuntu 20.04
Architecture	x86_64
Source of Capstone	git clone, default on next branch.
Version/git commit	v6.0.0, d7be5f9

Instruction bytes giving faulty results

0xf0,0xf2,0x41,0x0f,0xb7,0xd6

Expected results

It should be:

ERROR: invalid assembly code

Steps to get the wrong result

With cstool:

$ ./cstool -d x64 "0xf0,0xf2,0x41,0x0f,0xb7,0xd6"
 0  f0 f2 41 0f b7 d6                                movzx      edx, r14w
        ID: 496 (movzx)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x0f 0xb7 0x00 0x00 
        rex: 0x41
        addr_size: 8
        modrm: 0xd6
        disp: 0x0
        sib: 0x0
        op_count: 2
                operands[0].type: REG = edx
                operands[0].size: 4
                operands[0].access: WRITE
                operands[1].type: REG = r14w
                operands[1].size: 2
                operands[1].access: READ
        Registers read: r14w
        Registers modified: edx
        
$ ./cstool -d x64 "0xf0,0x41,0x0f,0xb7,0xd6" 
ERROR: invalid assembly code

$ ./cstool -d x64 "0xf2,0x41,0x0f,0xb7,0xd6"
 0  f2 41 0f b7 d6                                   movzx      edx, r14w
        ID: 496 (movzx)
        Prefix:0x00 0x00 0x00 0x00 
        Opcode:0x0f 0xb7 0x00 0x00 
        rex: 0x41
        addr_size: 8
        modrm: 0xd6
        disp: 0x0
        sib: 0x0
        op_count: 2
                operands[0].type: REG = edx
                operands[0].size: 4
                operands[0].access: WRITE
                operands[1].type: REG = r14w
                operands[1].size: 2
                operands[1].access: READ
        Registers read: r14w
        Registers modified: edx

Additional Logs, screenshots, source code, configuration dump, ...

Capstone correctly identifies that the LOCK prefix (0xf0) is incompatible with the movzx instruction. It also has no problem with the REPNE/REPNZ prefix (0xf2). However, it fails to recognize that the prefixes 0xf2 and 0xf0 are mutually exclusive and cannot appear together in a single instruction. In contrast, both XED and Zydis disassemblers return an 'invalid assembly code' error for the sequence 0xf0, 0xf2, 0x41, 0x0f, 0xb7, 0xd6

[Rot127]

Thanks for reporting it.
Idk what your use case is, but please also take a look at #2505.

[Mar3yZhang]

Thanks for reporting it. Idk what your use case is, but please also take a look at #2505.

Hi, Rot.
Thank you for your prompt reply! I think unified x86 instruction modeling will help the x86 software instruction decoder community.