From 64a93afc3c630c39e5c583e4f67aef5821d635b6 Mon Sep 17 00:00:00 2001
From: Fangrui Song <maskray@google.com>
Date: Mon, 13 Jan 2020 10:34:10 -0800
Subject: [PATCH] [X86][Disassembler] Fix a bug when disassembling an empty
 string

readPrefixes() assumes insn->bytes is non-empty. The code path is not
exercised in llvm-mc because llvm-mc does not feed empty input to
MCDisassembler::getInstruction().

This bug is uncovered by a5994c789a2982a770254ae1607b5b4cb641f73c.
An empty string did not crash before because the deleted regionReader()
allowed UINT64_C(-1) as insn->readerCursor.

  Bytes.size() <= Address -> R->Base
  0 <= UINT64_C(-1) - UINT32_C(-1)
---
 llvm/lib/Target/X86/Disassembler/X86Disassembler.cpp | 4 +++-
 llvm/unittests/MC/Disassembler.cpp                   | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/llvm/lib/Target/X86/Disassembler/X86Disassembler.cpp b/llvm/lib/Target/X86/Disassembler/X86Disassembler.cpp
index 8d0c12e..34ea95d 100644
--- a/llvm/lib/Target/X86/Disassembler/X86Disassembler.cpp
+++ b/llvm/lib/Target/X86/Disassembler/X86Disassembler.cpp
@@ -203,6 +203,8 @@ static bool isREX(struct InternalInstruction *insn, uint8_t prefix) {
 // Consumes all of an instruction's prefix bytes, and marks the
 // instruction as having them.  Also sets the instruction's default operand,
 // address, and other relevant data sizes to report operands correctly.
+//
+// insn must not be empty.
 static int readPrefixes(struct InternalInstruction *insn) {
   bool isPrefix = true;
   uint8_t byte = 0;
@@ -1707,7 +1709,7 @@ MCDisassembler::DecodeStatus X86GenericDisassembler::getInstruction(
   Insn.readerCursor = Address;
   Insn.mode = fMode;
 
-  if (readPrefixes(&Insn) || readOpcode(&Insn) ||
+  if (Bytes.empty() || readPrefixes(&Insn) || readOpcode(&Insn) ||
       getInstructionID(&Insn, MII.get()) || Insn.instructionID == 0 ||
       readOperands(&Insn)) {
     Size = Insn.readerCursor - Address;
diff --git a/llvm/unittests/MC/Disassembler.cpp b/llvm/unittests/MC/Disassembler.cpp
index cdb3444..3f9e6e5 100644
--- a/llvm/unittests/MC/Disassembler.cpp
+++ b/llvm/unittests/MC/Disassembler.cpp
@@ -38,6 +38,10 @@ TEST(Disassembler, X86Test) {
   unsigned NumBytes = sizeof(Bytes);
   unsigned PC = 0;
 
+  InstSize =
+      LLVMDisasmInstruction(DCR, BytesP, 0, PC, OutString, OutStringSize);
+  EXPECT_EQ(InstSize, 0U);
+
   InstSize = LLVMDisasmInstruction(DCR, BytesP, NumBytes, PC, OutString,
                                    OutStringSize);
   EXPECT_EQ(InstSize, 1U);
-- 
2.7.4