
Not taking part of value - bt, bts, sbb #19

@mfaerevaag

Description

During some shift instructions, the shift offset operand is not decoded properly. The lowest five bits should be taken and not the whole operand. Currently the bit base is shifted out of the resulting value.

Reference:
Ref. Intel 64 and IA-32 Architecture Software Developer's Manual Vol. 2A 3-113
Ref. Intel 64 and IA-32 Architecture Software Developer's Manual Vol. 2A 3-119
Ref. Intel 64 and IA-32 Architecture Software Developer's Manual Vol. 2B 4-587

Affected instructions:

0x0fa300    # bt
0x0fab00    # bts
0xf21900    # sbb
0xf21b00

Reproduction guide

Instruction:

00000000  0FA300            bt [eax],eax

Input:

binsec disasm -decode 0fa300

Observed output:

              ⎧ 0: CF := (@[eax₍₃₂₎]₄ ≫𝒖 eax₍₃₂₎){0}
              ⎪ 1: OF := \undef
              ⎪ 2: SF := \undef
bt [eax], eax ⎨ 3: AF := \undef
              ⎪ 4: PF := \undef
              ⎩ 5: goto ({0x00000003; 32}, 0)

Expected output:
Take only the lowest five bits from the offset operand.

System Info

OS:

# uname -a
Linux ubuntu 4.10.0-28-generic #32-Ubuntu SMP Fri Jun 30 05:32:18 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=17.04
DISTRIB_CODENAME=zesty
DISTRIB_DESCRIPTION="Ubuntu 17.04"

BINSEC: 20170301 0.1
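To make the expected decoding concrete, here is an added reference model of the bit-test carry-flag computation; it is example code written for this discussion, not BINSEC code and not the Intel pseudocode itself. It follows the operation description in the Intel SDM Vol. 2A for BT/BTS: with a register bit base the offset is taken modulo the operand size, and with a memory bit base the processor reads the dword at EA + 4 * (BitOffset DIV 32) and tests bit BitOffset MOD 32. The `bt_reg_as_reported` function is the behaviour the issue describes (whole offset used as the shift amount); `SAMPLE_MEM` is constructed sample memory, and `sbb` is not modelled here.

```python
# Added example: reference model of x86 BT/BTS carry-flag semantics as given
# in the Intel SDM Vol. 2A (BT, BTS). Not BINSEC code; for 32-bit operands.

MASK32 = 0xFFFFFFFF


def to_signed32(value: int) -> int:
    """Interpret a 32-bit register value as a signed bit offset."""
    value &= MASK32
    return value - (1 << 32) if value & 0x80000000 else value


def bt_reg(bit_base: int, bit_offset: int, operand_size: int = 32) -> int:
    """CF for `bt r32, r32`: only the low log2(operand_size) bits of the
    offset select the bit (BitOffset MOD operand size)."""
    return (bit_base >> (bit_offset % operand_size)) & 1


def bt_reg_as_reported(bit_base: int, bit_offset: int) -> int:
    """The behaviour the issue reports: the whole offset register is used as
    the shift amount, so any offset >= 32 shifts the bit base out."""
    return ((bit_base & MASK32) >> (bit_offset & MASK32)) & 1


def bts_reg(bit_base: int, bit_offset: int, operand_size: int = 32):
    """BTS on a register: returns (CF, updated bit base)."""
    pos = bit_offset % operand_size
    cf = (bit_base >> pos) & 1
    return cf, (bit_base | (1 << pos)) & ((1 << operand_size) - 1)


def bt_mem(mem: bytes, ea: int, bit_offset: int) -> int:
    """CF for `bt m32, r32`. The register offset is signed and may address a
    bit outside the dword at EA; the dword actually read sits at
    EA + 4 * (offset DIV 32) and the bit tested is offset MOD 32."""
    off = to_signed32(bit_offset)
    # Python's // and % floor toward -inf, which matches the SDM's DIV/MOD
    # here (offset -1 selects bit 31 of the dword just below EA).
    addr = ea + 4 * (off // 32)
    if addr < 0 or addr + 4 > len(mem):
        raise IndexError(f"dword at {addr:#x} is outside the modelled memory")
    dword = int.from_bytes(mem[addr:addr + 4], "little")
    return (dword >> (off % 32)) & 1


# Constructed sample memory: dword at 0 = 0x00000001, dword at 4 = 0x80000000.
SAMPLE_MEM = bytes.fromhex("01000000" "00000080")


if __name__ == "__main__":
    # Register base, eax = 0x80000000 as both operands: 0x80000000 MOD 32 is 0,
    # so bit 0 is tested.
    print(bt_reg(0x80000000, 0x80000000))        # 0
    print(bt_reg(0x80000000, 63))                # 1 (63 MOD 32 = 31)
    print(bt_reg_as_reported(0x80000000, 63))    # 0 (bit shifted out)
    print(bt_mem(SAMPLE_MEM, 0, 63))             # 1 (dword at 4, bit 31)
    print(bt_mem(SAMPLE_MEM, 4, 0xFFFFFFE0))     # 1 (offset -32: dword at 0, bit 0)
```

The register case is where the difference in the report shows up: for offset 63 the correct result is bit 31 of the base, while using the whole offset as a shift count shifts every bit out and always yields CF = 0. The memory case shows why masking alone is not the whole story for `bt [eax], eax`: the high bits of the offset move the dword being read rather than being discarded.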
