UserspaceEmulator: Fix incorrect shadowing on mov sign extend

Unlike zero-extend moves, the upper bytes are not just zeroed, but rather are based on the sign bit of the source, which means if the source is tainted, so should the upper bytes be.
Author: https://github.com/GalHorowitz Commit: https://github.com/SerenityOS/serenity/commit/2fd2396d638 Pull-request: https://github.com/SerenityOS/serenity/pull/4851
2024-11-22 23:50:19 +00:00 · 2021-01-08 13:03:24 +02:00 · 2021-01-08 13:03:24 +02:00 · 2fd2396d63 · 2024-07-19 00:03:13 +09:00
commit 2fd2396d63
parent edc18ab4e6
1 changed files with 3 additions and 3 deletions
--- a/DevTools/UserspaceEmulator/SoftCPU.cpp
+++ b/DevTools/UserspaceEmulator/SoftCPU.cpp
@ -2449,19 +2449,19 @@ void SoftCPU::MOVSW(const X86::Instruction& insn)
 void SoftCPU::MOVSX_reg16_RM8(const X86::Instruction& insn)
 {
    auto src = insn.modrm().read8(*this, insn);
-    gpr16(insn.reg16()) = ValueWithShadow<u16>(sign_extended_to<u16>(src.value()), 0x0100 | (src.shadow()));
+    gpr16(insn.reg16()) = shadow_wrap_with_taint_from<u16>(sign_extended_to<u16>(src.value()), src.shadow());
 }

 void SoftCPU::MOVSX_reg32_RM16(const X86::Instruction& insn)
 {
    auto src = insn.modrm().read16(*this, insn);
-    gpr32(insn.reg32()) = ValueWithShadow<u32>(sign_extended_to<u32>(src.value()), 0x01010000 | (src.shadow()));
+    gpr32(insn.reg32()) = shadow_wrap_with_taint_from<u32>(sign_extended_to<u32>(src.value()), src.shadow());
 }

 void SoftCPU::MOVSX_reg32_RM8(const X86::Instruction& insn)
 {
    auto src = insn.modrm().read8(*this, insn);
-    gpr32(insn.reg32()) = ValueWithShadow<u32>(sign_extended_to<u32>(src.value()), 0x01010100 | (src.shadow()));
+    gpr32(insn.reg32()) = shadow_wrap_with_taint_from<u32>(sign_extended_to<u32>(src.value()), src.shadow());
 }

 void SoftCPU::MOVZX_reg16_RM8(const X86::Instruction& insn)