[cDAC] Fix AMD64 epilogue unwinder reading register number from wrong byte offset#124845
Merged: max-charlamb merged 2 commits into main (Feb 25, 2026)
Conversation
…ffset Co-authored-by: max-charlamb <[email protected]>
Copilot (AI) changed the title from "[WIP] Fix register number reading for pop r64 instructions" to "Fix AMD64 epilogue unwinder reading register number from wrong byte offset" on Feb 25, 2026.
Contributor

Tagging subscribers to this area: @steveisok, @tommcdon, @dotnet/dotnet-diag
Contributor
Pull request overview

Fixes a bug in the managed cDAC AMD64 unwinder's epilogue emulation where the destination register for single-byte `pop r64` opcodes (regs 0–7) was decoded from the wrong instruction byte, which could corrupt the unwound register context.

Changes:
- Correctly decode the register number for `pop r64` (0–7) from the opcode byte at `nextByte` instead of `nextByte + 2`.
max-charlamb approved these changes on Feb 25, 2026.
steveisok approved these changes on Feb 25, 2026.
Description

During epilogue emulation in the managed cDAC AMD64 unwinder, the register number for single-byte `pop r64` instructions (registers 0–7) was extracted from `nextByte + 2` instead of `nextByte`. Since `pop r64` is a single-byte opcode (0x58 + r), the register is encoded in the low 3 bits of the opcode byte itself — reading two bytes ahead returns an arbitrary instruction stream byte, silently corrupting the unwound register context and potentially cascading into wrong instruction pointers in subsequent frames.

Fix

The REX-prefix pop case (registers 8–15) and the non-epilogue epilogue-detection scan are both correct and unaffected.

Changes

`AMD64Unwinder.cs` line 479: Change `ReadByteAt(nextByte + 2)` → `ReadByteAt(nextByte)` to correctly extract the register number from the `pop r64` opcode byte, matching the native unwinder in `dbs_stack_x64.cpp`.

Testing
Original prompt
This pull request was created from Copilot chat.
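To make the failure described above concrete, here is an added Python model of the epilogue emulation (example code, not the cDAC's own): `decode_pop` takes the register number from the `pop r64` opcode byte, or, with `buggy=True`, from two bytes ahead as the old code did, and `emulate_epilogue` shows how the misdecoded register can clobber `rsp` and derail the rest of the unwind. The function names, byte stream, stack contents and initial context are constructed for this example.

```python
REG_NAMES = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
             "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

def decode_pop(code, pc, buggy=False):
    """Decode a `pop r64` at code[pc]. Returns (register_number, length) or None.
    buggy=True reproduces the old behaviour: for the single-byte form the
    register number was read from code[pc + 2] instead of the opcode byte."""
    b = code[pc]
    if 0x58 <= b <= 0x5F:                        # single-byte pop r64, regs 0-7
        src = pc + 2 if buggy else pc            # the bug: wrong byte offset
        return (code[src] & 0x07, 1)             # register lives in the low 3 bits
    if 0x40 <= b <= 0x4F and pc + 1 < len(code) and 0x58 <= code[pc + 1] <= 0x5F:
        # REX-prefixed pop: REX.B (bit 0) extends the register number to 8-15
        return (((b & 0x01) << 3) | (code[pc + 1] & 0x07), 2)
    return None

def emulate_epilogue(code, pc, ctx, stack, buggy=False):
    """Apply the pops from code[pc] up to `ret` to an unwind context.
    ctx maps register name -> value; stack maps address -> saved qword."""
    ctx = dict(ctx)
    while True:
        if code[pc] == 0xC3:                     # ret: return address becomes rip
            ctx["rip"] = stack.get(ctx["rsp"])
            ctx["rsp"] += 8
            return ctx
        decoded = decode_pop(code, pc, buggy)
        if decoded is None:
            raise ValueError(f"not an epilogue instruction: {code[pc]:#04x} at {pc}")
        reg, length = decoded
        value = stack.get(ctx["rsp"])
        if value is None:                        # rsp no longer points at the known stack
            ctx["rip"] = None                    # the unwind has already gone wrong
            return ctx
        ctx[REG_NAMES[reg]] = value              # with the bug this may overwrite rsp itself
        ctx["rsp"] += 8
        pc += length

# Constructed epilogue: pop rbx; pop r12; pop rbp; ret; then int3 padding bytes.
EPILOGUE = bytes([0x5B, 0x41, 0x5C, 0x5D, 0xC3, 0xCC, 0xCC, 0xCC])
# Constructed stack: saved rbx, saved r12, saved rbp, return address.
STACK = {0x7000: 0xAAAA, 0x7008: 0xBBBB, 0x7010: 0xCCCC, 0x7018: 0x401234}
CTX = {"rsp": 0x7000, "rbx": 0, "r12": 0, "rbp": 0}

if __name__ == "__main__":
    for buggy in (False, True):
        print("buggy" if buggy else "fixed", emulate_epilogue(EPILOGUE, 0, CTX, STACK, buggy))
```

With the buggy offset the first `pop rbx` (0x5B) is decoded from the byte two ahead (0x5C, low bits 4) as a pop into `rsp`, so the context's stack pointer becomes the saved rbx value and the next read falls off the known stack.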