John Reiser: On x86, the byte sequence {0xc7,0310,1,2,3,4} superficially looks like "move immediate to r/m dword" because of the opcode 0xC7. Actually, it is an illegal instruction because 0!=(070 & mod_rm); namely, the 0310 should be 0300. Gdb disassembly should report illegal instruction, but instead says "movl $0x4030201,%eax". Please see the original post: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172034

Steps to Reproduce:
1. Compile and run this program under gdb:

-----foo.S
_start: .globl _start
        nop; int3
        .byte 0xc7,0310,1,2,3,4
        nop; nop
-----
$ gcc -o foo -nostartfiles -nostdlib foo.S
$ gdb foo
(gdb) run

Actual Results:
Program received signal SIGTRAP, Trace/breakpoint trap.   ## as expected for 'int3'
0x08048076 in _start ()
(gdb) x/i $pc
0x8048076 <_start+2>:   mov    $0x4030201,%eax   ## gdb says it's OK
(gdb) stepi
Program received signal SIGILL, Illegal instruction.   ## CPU rejects
0x08048076 in _start ()
0x8048076 <_start+2>:   mov    $0x4030201,%eax
(gdb)

Expected Results:
Program received signal SIGTRAP, Trace/breakpoint trap.
0x08048076 in _start ()
(gdb) x/i $pc
0x8048076 <_start+2>:   (bad)   ## modrm of 0310 is illegal for opcode 0xC7
Created attachment 1117: libopcodes CVS version patch

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172034

See IA-32 Intel® Architecture Software Developer's Manual Volume 2B: Instruction Set Reference, N-Z, page 434 (of 582), http://download.intel.com/design/Pentium4/manuals/25366719.pdf

Opcodes 0xC6 and 0xC7 do not have ('reg' (Bits 5,4,3) != 0) defined.
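The decoding rule behind this report, as an added example that is neither the attached patch nor libopcodes code: for opcodes 0xC6/0xC7 (group 11) only the /0 form is defined, so a disassembler must test the ModR/M reg field before it emits "mov". The function below applies that check to the report's byte sequence and decodes only the register-direct (mod == 3) form; the function name and return codes are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Decode a C6 /0 ib or C7 /0 id instruction into AT&T syntax.
   Returns the number of bytes consumed (> 0) on success,
   -1 when the encoding is illegal (reg field of ModR/M != 0, #UD on the CPU),
   -2 when the bytes are not C6/C7, are too short, or use a memory
      destination (mod != 3), which this example does not decode. */
int decode_mov_imm(const unsigned char *p, size_t n, char *out, size_t outlen)
{
    static const char *r32[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};
    static const char *r8[8]  = {"al","cl","dl","bl","ah","ch","dh","bh"};

    if (n < 2 || (p[0] != 0xC6 && p[0] != 0xC7))
        return -2;

    unsigned mod = p[1] >> 6;
    unsigned reg = (p[1] >> 3) & 7;   /* bits 5,4,3: must be 0 for C6/C7 */
    unsigned rm  = p[1] & 7;

    /* This is the check the unpatched disassembler skipped: 0310 has reg == 1. */
    if (reg != 0) {
        snprintf(out, outlen, "(bad)");
        return -1;
    }
    if (mod != 3)
        return -2;

    size_t immlen = (p[0] == 0xC7) ? 4 : 1;
    if (n < 2 + immlen)
        return -2;

    uint32_t imm = 0;                 /* little-endian immediate */
    for (size_t i = 0; i < immlen; i++)
        imm |= (uint32_t)p[2 + i] << (8 * i);

    snprintf(out, outlen, "mov $0x%x,%%%s", imm, immlen == 4 ? r32[rm] : r8[rm]);
    return (int)(2 + immlen);
}

int main(void)
{
    const unsigned char bad[] = {0xc7, 0310, 1, 2, 3, 4};   /* bytes from the report */
    const unsigned char ok[]  = {0xc7, 0300, 1, 2, 3, 4};   /* corrected ModR/M */
    char buf[32];
    decode_mov_imm(bad, sizeof bad, buf, sizeof buf); printf("%s\n", buf);
    decode_mov_imm(ok, sizeof ok, buf, sizeof buf);   printf("%s\n", buf);
    return 0;
}
```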
Created attachment 1164: A patch

Can you try this patch instead?
Created attachment 1166: Source for the testcase
Created attachment 1167: Testcase output from original unpatched objdump
Created attachment 1168: Testcase output from patched objdump by the H.J.Lu patch

Your patch works fine when done the right way, thanks.
Fixed.