Implement special selector pushing behavior and improve the opcode length heuristic for CS limit checks, fixes #4552.

2024-06-23 02:28:22 +02:00
parent 499a4e1d77
commit bbe035b62a
4 changed files with 62 additions and 12 deletions
--- a/src/cpu/386.c
+++ b/src/cpu/386.c
@@ -212,11 +212,11 @@ fetch_ea_16_long(uint32_t rmdat)
 #define CLOCK_CYCLES_ALWAYS(c) cycles -= (c)

 #define CHECK_READ_CS(size)                                                            \
-    if ((cpu_state.pc < cpu_state.seg_cs.limit_low) ||                                 \
-        ((cpu_state.pc + size - 1) > cpu_state.seg_cs.limit_high))                     \
-        x86gpf("Limit check (READ)", 0);                                               \
    if (msw & 1 && !(cpu_state.eflags & VM_FLAG) && !(cpu_state.seg_cs.access & 0x80)) \
        x86np("Read from seg not present", cpu_state.seg_cs.seg & 0xfffc);             \
+    else if ((cpu_state.pc < cpu_state.seg_cs.limit_low) ||                            \
+        ((cpu_state.pc + size - 1) > cpu_state.seg_cs.limit_high))                     \
+        x86gpf("Limit check (READ CS)", 0);

 #include "386_ops.h"

@@ -261,7 +261,13 @@ exec386_2386(int32_t cycs)

            fetchdat = fastreadl_fetch(cs + cpu_state.pc);
            ol = opcode_length[fetchdat & 0xff];
-            CHECK_READ_CS(MIN(ol, 4));
+            if ((ol == 3) && opcode_has_modrm[fetchdat & 0xff] && (((fetchdat >> 14) & 0x03) == 0x03))
+                ol = 2;
+            if (cpu_16bitbus) {
+                CHECK_READ_CS(MIN(ol, 2));
+            } else {
+                CHECK_READ_CS(MIN(ol, 4));
+            }
            ins_fetch_fault = cpu_386_check_instruction_fault();

            /* Breakpoint fault has priority over other faults. */