From: Paul Floyd
Date: Sat, 24 Jan 2026 07:20:29 +0000 (+0100)
Subject: Bug 253436 - vex amd64->IR: unhandled instruction bytes: 0xF2 0xA6 (repne cmps)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f5118fffdfbfb40405b8493ad6e8fee343c5759;p=thirdparty%2Fvalgrind.git

Bug 253436 - vex amd64->IR: unhandled instruction bytes: 0xF2 0xA6 (repne cmps)

Patch submitted by jacobly.alt@gmail.com
Regtest update submitted by Lukas Dullinger
---

diff --git a/NEWS b/NEWS
index 9091f0a39..d907a32e4 100644
--- a/NEWS
+++ b/NEWS
@@ -45,6 +45,7 @@ are not entered into bugzilla tend to get forgotten about or ignored.
 
 126256 (fnop) vex x86->IR: unhandled instruction bytes: 0xD9 0xD0 0x31 0xC0
 228343 none/tests/darwin/bug228343 fails on OS X
+253436 vex amd64->IR: unhandled instruction bytes: 0xF2 0xA6 (repne cmps)
 258140 Valgrind on OS X always reports some memory "still reachable"
 413369 unhandled amd64-darwin syscall: unix:151 (getpgid)
 487055 memcheck/tests/x86-linux/scalar fails running in Docker
diff --git a/VEX/priv/guest_amd64_toIR.c b/VEX/priv/guest_amd64_toIR.c
index 5faf9c07c..39a88b4e6 100644
--- a/VEX/priv/guest_amd64_toIR.c
+++ b/VEX/priv/guest_amd64_toIR.c
@@ -20768,8 +20768,8 @@ Long dis_ESC_NONE (
 dis_REP_op ( dres, AMD64CondAlways, dis_MOVS, sz,
 guest_RIP_curr_instr,
 guest_RIP_bbstart+delta, "rep movs", pfx );
- dres->whatNext = Dis_StopHere;
- return delta;
+ vassert(dres->whatNext == Dis_StopHere);
+ return delta;
 }
 /* A4: movsb */
 if (!haveF3(pfx) && !haveF2(pfx)) {
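Review bot: Replacing the `dres->whatNext = Dis_StopHere;` store with `vassert(dres->whatNext == Dis_StopHere);` turns a post-condition that this code used to enforce itself into a hard VEX failure if dis_REP_op ever returns without ending the block, and nothing in the hunk documents that dis_REP_op is expected to do so. If that is the contract, a one-line comment above the assertion would make the intent clear, e.g. `/* dis_REP_op always terminates the block; assert that rather than re-set it. */`. The same store-to-assert substitution appears twice in the 0xA6/0xA7 hunk below, where the same comment applies. dis_ESC_NONE begins and ends outside this hunk.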
@@ -20782,14 +20782,31 @@ Long dis_ESC_NONE (
 case 0xA6:
 case 0xA7:
- /* F3 A6/A7: repe cmps/rep cmps{w,l,q} */
- if (haveF3(pfx) && !haveF2(pfx)) {
+ /* F2 A6/A7: repne cmpsb/repne cmps{w,l,q} */
+ if (haveF2(pfx) && !haveF3(pfx)) {
+ if (opc == 0xA6)
+ sz = 1;
+ dis_REP_op ( dres, AMD64CondNZ, dis_CMPS, sz,
+ guest_RIP_curr_instr,
+ guest_RIP_bbstart+delta, "repne cmps", pfx );
+ vassert(dres->whatNext == Dis_StopHere);
+ return delta;
+ }
+ /* F3 A6/A7: repe cmpsb/repe cmps{w,l,q} */
+ if (!haveF2(pfx) && haveF3(pfx)) {
 if (opc == 0xA6)
 sz = 1;
 dis_REP_op ( dres, AMD64CondZ, dis_CMPS, sz,
 guest_RIP_curr_instr,
 guest_RIP_bbstart+delta, "repe cmps", pfx );
- dres->whatNext = Dis_StopHere;
+ vassert(dres->whatNext == Dis_StopHere);
+ return delta;
+ }
+ /* A6/A7: cmpsb/cmps{w,l,q} */
+ if (!haveF2(pfx) && !haveF3(pfx)) {
+ if (opc == 0xA6)
+ sz = 1;
+ dis_string_op ( dis_CMPS, sz, "cmps", pfx );
 return delta;
 }
 goto decode_failure;
diff --git a/VEX/test/test-amd64.c b/VEX/test/test-amd64.c
index bedc99e98..981aa3ea0 100644
--- a/VEX/test/test-amd64.c
+++ b/VEX/test/test-amd64.c
@@ -1207,9 +1207,9 @@ void test_string(void)
 TEST_STRING(scas, "");
 // REINSTATE: TEST_STRING(scas, "repz ");
 TEST_STRING(scas, "repnz ");
- // REINSTATE: TEST_STRING(cmps, "");
+ TEST_STRING(cmps, "");
 TEST_STRING(cmps, "repz ");
- // REINSTATE: TEST_STRING(cmps, "repnz ");
+ TEST_STRING(cmps, "repnz ");
 }
 
 /* VM86 test */
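Review bot: The size adjustment `if (opc == 0xA6) sz = 1;` is now written out in all three prefix branches of the 0xA6/0xA7 case, which is the kind of duplication that tends to drift apart later. Every branch that does not reach decode_failure applies it unconditionally, so it can be hoisted once directly after `case 0xA7:` and dropped from the three branches, leaving each with only its dis_REP_op or dis_string_op call and return — provided nothing on the decode_failure path depends on sz, which the hunk does not show. The test ordering also means the F2+F3 combination falls through to `goto decode_failure`, which looks like the intended conservative outcome and is worth saying in the last branch's comment, e.g. `/* A6/A7: cmpsb/cmps{w,l,q}; F2 and F3 together is rejected below */`. dis_ESC_NONE starts and ends outside this hunk.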