The VEX decoding of the AVX2 and F16C instructions in SyzyAsan is wrong
Issue description

The VEX decoding that we're doing in SyzyAsan for the 3-byte encoded VEX instructions[1] is wrong: it assumes that the instructions always have a fixed length, but that's not always the case; some of them use ModR/M, which means they have a variable length. It's possible we're getting away with this for Chrome, but it is really flaky and should be fixed.

There are different ways to fix this:
- Disable VEX in Chrome for the SyzyASAN builds.
- Back off on instrumenting blocks we can't disassemble, without failure.
- Add Capstone as a backup disassembler when we can't disassemble an instruction.
(The real solution will probably be a combination of these 3 approaches.)

[1] https://github.com/google/syzygy/blob/master/syzygy/core/disassembler_util.cc#L50
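To make the point of the report concrete, here is a small, self-contained length decoder for 3-byte (C4) VEX instructions in 32-bit mode. It is an example added for this page, not Syzygy's disassembler_util.cc code, and it simplifies in two labelled ways: it assumes every instruction carries a ModR/M byte, and it assumes every 0F3A-map instruction ends in an imm8. The sample encodings (VPADDB, VPBROADCASTB, VCVTPS2PH) are hand-constructed for the example. The same opcode comes out at different lengths depending on the ModR/M mod/rm fields, SIB and displacement, which is exactly the variable length the report describes.

```cpp
// Illustrative 3-byte VEX length decoder for 32-bit x86 (example code for this
// page, not Syzygy's implementation).
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct VexInsn {
  bool ok;             // false if the bytes are not a complete 3-byte VEX insn
  uint8_t map_select;  // 1 = 0F, 2 = 0F38, 3 = 0F3A
  uint8_t opcode;
  uint8_t vvvv;        // extra source register, already un-inverted
  bool w, l;
  uint8_t pp;          // implied legacy prefix: 0 none, 1 66, 2 F3, 3 F2
  size_t length;       // total instruction length in bytes
};

// Bytes consumed by a 32-bit-mode ModR/M byte plus any SIB and displacement.
// Returns 0 if the buffer is too short to hold them.
static size_t ModRmLength(const uint8_t* p, size_t n) {
  if (n < 1) return 0;
  uint8_t mod = p[0] >> 6, rm = p[0] & 7;
  size_t len = 1;
  if (mod == 3) return len;                 // register-direct: nothing follows
  if (rm == 4) {                            // SIB byte present
    if (n < 2) return 0;
    if (mod == 0 && (p[1] & 7) == 5) len += 4;  // [index*scale + disp32]
    len += 1;
  } else if (mod == 0 && rm == 5) {
    len += 4;                               // [disp32], no base register
  }
  if (mod == 1) len += 1;                   // disp8
  if (mod == 2) len += 4;                   // disp32
  return n >= len ? len : 0;
}

VexInsn DecodeVex3(const uint8_t* p, size_t n) {
  VexInsn r{};
  // C4, two VEX payload bytes and an opcode byte are the fixed part.
  if (n < 4 || p[0] != 0xC4) return r;
  // In 32-bit mode C4 is LES unless the inverted R and X bits are both set.
  if ((p[1] & 0xC0) != 0xC0) return r;
  r.map_select = p[1] & 0x1F;
  if (r.map_select < 1 || r.map_select > 3) return r;  // reserved maps
  r.w = (p[2] & 0x80) != 0;
  r.vvvv = (~p[2] & 0x78) >> 3;
  r.l = (p[2] & 0x04) != 0;
  r.pp = p[2] & 0x03;
  r.opcode = p[3];
  size_t len = 4;
  // Simplifying assumptions for this example: every instruction has a ModR/M
  // byte, and every 0F3A-map instruction takes a trailing imm8.
  size_t modrm_len = ModRmLength(p + len, n - len);
  if (modrm_len == 0) return r;
  len += modrm_len;
  if (r.map_select == 3) {
    if (n < len + 1) return r;
    len += 1;
  }
  r.length = len;
  r.ok = true;
  return r;
}

// Constructed sample encodings (not taken from any real binary).
// VPADDB ymm0, ymm1, ymm2   VEX.256.66.0F FC /r, register form.
const uint8_t kVpaddbReg[] = {0xC4, 0xE1, 0x75, 0xFC, 0xC2};
// VPBROADCASTB ymm0, xmm1   VEX.256.66.0F38 78 /r, register form.
const uint8_t kVpbroadcastbReg[] = {0xC4, 0xE2, 0x7D, 0x78, 0xC1};
// Same opcode, memory form [esp+0x10]: ModR/M + SIB + disp8.
const uint8_t kVpbroadcastbMem[] = {0xC4, 0xE2, 0x7D, 0x78, 0x44, 0x24, 0x10};
// Same opcode, [eax*1 + disp32] via SIB with base=101 and mod=00.
const uint8_t kVpbroadcastbSibDisp32[] = {0xC4, 0xE2, 0x7D, 0x78, 0x04, 0x05,
                                          0x78, 0x56, 0x34, 0x12};
// VCVTPS2PH xmm1, ymm2, 0   VEX.256.66.0F3A 1D /r ib, register form + imm8.
const uint8_t kVcvtps2phReg[] = {0xC4, 0xE3, 0x7D, 0x1D, 0xD1, 0x00};
// Truncated memory form: the disp8 byte is missing, so decoding must fail.
const uint8_t kTruncated[] = {0xC4, 0xE2, 0x7D, 0x78, 0x44, 0x24};
// C4 followed by 0x41: in 32-bit mode this is LES, not VEX.
const uint8_t kLes[] = {0xC4, 0x41, 0x7D, 0x78, 0xC1};

int main() {
  const uint8_t* samples[] = {kVpaddbReg, kVpbroadcastbReg, kVpbroadcastbMem,
                              kVpbroadcastbSibDisp32, kVcvtps2phReg};
  const size_t sizes[] = {sizeof kVpaddbReg, sizeof kVpbroadcastbReg,
                          sizeof kVpbroadcastbMem, sizeof kVpbroadcastbSibDisp32,
                          sizeof kVcvtps2phReg};
  for (size_t i = 0; i < 5; ++i) {
    VexInsn r = DecodeVex3(samples[i], sizes[i]);
    std::printf("map=%u opcode=%02X length=%zu\n", r.map_select, r.opcode, r.length);
  }
  return 0;
}
```

Note that the three VPBROADCASTB encodings share the first four bytes and decode to lengths 5, 7 and 10; a decoder that stops after the opcode byte would treat the following operand bytes as the start of the next instruction. The truncated and LES samples show the two failure modes a backup path (the "back off" or Capstone options above) has to handle: not enough bytes, and a C4 byte that is not a VEX prefix at all.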
Dec 3 2016
Tagging with current canary milestone.
Dec 16 2016
Pri-0 bugs are critical regressions or serious emergencies, and this bug has not been updated in three days. Could you please provide an update, or adjust the priority to a more appropriate level if applicable? If a fix is in active development, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Dec 30 2016
Pri-0 bugs are critical regressions or serious emergencies, and this bug has not been updated in three days. Could you please provide an update, or adjust the priority to a more appropriate level if applicable? If a fix is in active development, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Aug 1
Not a P0.
Aug 1
Syzyasan is gone.
Comment 1 by sebmarchand@chromium.org, Dec 2 2016