
Zentool disassembly shows incorrect register output.

Open jschoen483 opened this issue 8 months ago • 0 comments

https://github.com/google/security-research/blob/f102f0bad048368076affc692c6a0ceacba6eabd/pocs/cpus/entrysign/zentool/disas.c#L105

    // Now decode the remainder as necessary.
    putstr("\t%-*s\t%s, %s, ",
            kMnemonicWidth,
            mnemonic,
            zen_reg_to_string(op.reg2),
            zen_reg_to_string(op.reg1));

@sirdarckcat In dump_reg_op, if both op.reg1 and op.reg2 are different reg[0-x] constants, i.e. "reg2" and "reg4", the printed register is wrong because zen_reg_to_string uses the same static char[] buffer to create a formatted return string at runtime. The function zen_reg_to_string is called twice before the return value is used in the putstr.

Suggesting a change to split it into two separate putstr(..., zen_reg_to_string(...)) calls.

    // Now decode the remainder as necessary. Emit each register in its own
    // putstr() call so the static buffer in zen_reg_to_string() is consumed
    // before the next call overwrites it.
    putstr("\t%-*s\t%s, ",
            kMnemonicWidth,
            mnemonic,
            zen_reg_to_string(op.reg2));
    putstr("%s, ", zen_reg_to_string(op.reg1));

This also changes the expected output for /test/mcop.sh in the mcop 382E9C1110E00000 case from adc reg2, reg2, reg7 to adc reg2, reg4, reg7.

jschoen483, Apr 07 '25 14:04
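The static-buffer aliasing described in the issue, as an added stand-alone C example (not zentool's code): reg_to_string_static is an assumed stand-in for zen_reg_to_string with the same one-static-buffer design, format_operands_buggy mirrors the dump_reg_op call with two results consumed in one format call, and the two fixed variants show the split-call suggestion from the issue and a reentrant caller-supplied-buffer alternative.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for zentool's zen_reg_to_string() (assumed shape, not the
 * project's code): formats into ONE static buffer, so each call
 * overwrites the previous result. */
static const char *reg_to_string_static(unsigned reg)
{
    static char buf[16];
    snprintf(buf, sizeof buf, "reg%u", reg);
    return buf;
}

/* Reentrant variant: the caller supplies storage, so results can coexist. */
static const char *reg_to_string_into(unsigned reg, char *buf, size_t len)
{
    snprintf(buf, len, "reg%u", reg);
    return buf;
}

/* Buggy pattern from the issue: both arguments are evaluated before the
 * format call runs and both pointers alias the same static buffer, so the
 * output repeats whichever register was formatted last (C leaves the
 * evaluation order unspecified, so which one that is depends on the compiler). */
int format_operands_buggy(char *out, size_t len, unsigned reg2, unsigned reg1)
{
    return snprintf(out, len, "%s, %s, ",
                    reg_to_string_static(reg2), reg_to_string_static(reg1));
}

/* Fix 1 (the issue's suggestion): consume each result before the next call. */
int format_operands_split(char *out, size_t len, unsigned reg2, unsigned reg1)
{
    int n = snprintf(out, len, "%s, ", reg_to_string_static(reg2));
    if (n < 0 || (size_t)n >= len)
        return n;
    return n + snprintf(out + n, len - n, "%s, ", reg_to_string_static(reg1));
}

/* Fix 2: per-call buffers remove the shared state entirely. */
int format_operands_reentrant(char *out, size_t len, unsigned reg2, unsigned reg1)
{
    char a[16], b[16];
    return snprintf(out, len, "%s, %s, ", reg_to_string_into(reg2, a, sizeof a),
                    reg_to_string_into(reg1, b, sizeof b));
}
```

With reg2 = 2 and reg1 = 4 the buggy variant yields either "reg2, reg2, " or "reg4, reg4, " depending on the compiler's argument evaluation order, while both fixes yield "reg2, reg4, ".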