From 75a325e8c6af81338ef204037cf35c32a12acca9 Mon Sep 17 00:00:00 2001
From: practicalswift
Date: Sun, 29 Nov 2015 23:00:34 +0100
Subject: [PATCH] Crash case: Invalid read of size 8 in tb_flush_x86_64.

---
 .gitignore | 1 +
 tests/regress/Makefile | 1 +
 tests/regress/x86_16_segfault.c | 22 ++++++++++++++++++++++
 3 files changed, 24 insertions(+)
 create mode 100644 tests/regress/x86_16_segfault.c

diff --git a/.gitignore b/.gitignore
index f58e52e7..70a55b91 100644
--- a/.gitignore
+++ b/.gitignore
@@ -113,6 +113,7 @@ eflags_noset
 mem_map_large
 invalid_read_in_cpu_tb_exec
 invalid_write_in_cpu_tb_exec_x86_64
+x86_16_segfault
 #################
diff --git a/tests/regress/Makefile b/tests/regress/Makefile
index a438aeaf..5903b070 100644
--- a/tests/regress/Makefile
+++ b/tests/regress/Makefile
@@ -18,6 +18,7 @@ TESTS += eflags_noset
 TESTS += mem_map_large
 TESTS += invalid_read_in_cpu_tb_exec
 TESTS += invalid_write_in_cpu_tb_exec_x86_64
+TESTS += x86_16_segfault
 all: $(TESTS)
diff --git a/tests/regress/x86_16_segfault.c b/tests/regress/x86_16_segfault.c
new file mode 100644
index 00000000..d7d97b03
--- /dev/null
+++ b/tests/regress/x86_16_segfault.c
@@ -0,0 +1,22 @@
+#include
+
+#define BINARY "\x90"
+#define MEMORY_SIZE 4 * 1024
+#define STARTING_ADDRESS 100 * 1024
+
+int main(int argc, char **argv, char **envp) {
+    uc_engine *uc;
+    if (uc_open(UC_ARCH_X86, UC_MODE_16, &uc)) {
+        printf("uc_open(…) failed\n");
+        return 1;
+    }
+    uc_mem_map(uc, STARTING_ADDRESS, MEMORY_SIZE, UC_PROT_ALL);
+    if (uc_mem_write(uc, STARTING_ADDRESS, BINARY, sizeof(BINARY) - 1)) {
+        printf("uc_mem_write(…) failed\n");
+        return 1;
+    }
+    printf("uc_emu_start(…)\n");
+    uc_emu_start(uc, STARTING_ADDRESS, STARTING_ADDRESS + sizeof(BINARY) - 1, 0, 20);
+    printf("done\n");
+    return 0;
+}
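Review bot: `uc_mem_map(uc, STARTING_ADDRESS, MEMORY_SIZE, UC_PROT_ALL);` discards its status while the neighbouring `uc_open` and `uc_mem_write` calls are checked, and the `uc_emu_start(...)` call is likewise unchecked, so a mapping or emulation error would still print `done` and exit 0 and this regression case could only signal trouble by actually crashing. Check both the same way the other calls are checked, e.g. `if (uc_mem_map(uc, STARTING_ADDRESS, MEMORY_SIZE, UC_PROT_ALL)) { printf("uc_mem_map(…) failed\n"); return 1; }` and `if (uc_emu_start(uc, STARTING_ADDRESS, STARTING_ADDRESS + sizeof(BINARY) - 1, 0, 20)) { printf("uc_emu_start(…) failed\n"); return 1; }`, and release the engine with `uc_close(uc);` before the final return. The `MEMORY_SIZE` and `STARTING_ADDRESS` macros should be parenthesised (`#define MEMORY_SIZE (4 * 1024)`, `#define STARTING_ADDRESS (100 * 1024)`) so they stay correct inside larger expressions such as the end-address argument. The `#include` line appears to have lost its header name in this rendering, presumably the unicorn public header — confirm against the committed file.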