x86: fix #968. also fix potential bug of not clearing high bytes when updateing EIP

Backports commit 4d0157eb4a4891fe9101ac84accbd11cd4277794 from qemu

qemu/target/i386/unicorn.c

@@ -973,7 +973,7 @@ int x86_reg_write(struct uc_struct *uc, unsigned int *regs, void *const *vals, i
                         uc_emu_stop(uc);
                         break;
                     case UC_X86_REG_IP:
-                        WRITE_WORD(state->eip, *(uint16_t *)value);
+                        X86_CPU(uc, mycpu)->env.eip = *(uint16_t *)value;
                         // force to quit execution and flush TB
                         uc->quit_request = true;
                         uc_emu_stop(uc);
@@ -1163,7 +1163,7 @@ int x86_reg_write(struct uc_struct *uc, unsigned int *regs, void *const *vals, i
                         uc_emu_stop(uc);
                         break;
                     case UC_X86_REG_EIP:
-                        WRITE_DWORD(state->eip, *(uint32_t *)value);
+                        X86_CPU(uc, mycpu)->env.eip = *(uint32_t *)value;
                         // force to quit execution and flush TB
                         uc->quit_request = true;
                         uc_emu_stop(uc);

uc.c

@@ -549,9 +549,16 @@ uc_err uc_emu_start(uc_engine* uc, uint64_t begin, uint64_t until, uint64_t time
             switch(uc->mode) {
                 default:
                     break;
-                case UC_MODE_16:
+                case UC_MODE_16: {
-                    uc_reg_write(uc, UC_X86_REG_IP, &begin);
+                    uint64_t ip;
+                    uint16_t cs;
+
+                    uc_reg_read(uc, UC_X86_REG_CS, &cs);
+                    // compensate for later adding up IP & CS
+                    ip = begin - cs*16;
+                    uc_reg_write(uc, UC_X86_REG_IP, &ip);
                     break;
+                }
                 case UC_MODE_32:
                     uc_reg_write(uc, UC_X86_REG_EIP, &begin);
                     break;