ARM Thumb: 16-bit instruction decoded as 32-bit

[lwerdna]

Capstone disassembles CD 00 0B 00 as a 32-bit instruction but it should be two 16-bit instructions. Note that, taken as a 32-bit instruction word, 0xCD000B00 is missing the leading three bits set required for a 4-byte wide encoding.

Here is minimal code for reproduction:

#!/usr/bin/env python
from capstone import *
md = Cs(CS_ARCH_ARM, CS_MODE_BIG_ENDIAN|CS_MODE_THUMB)
for i in md.disasm("\xCD\x00\x0b\x00", 0):
	print("0x%x:\t%s\t%s" %(i.address, i.mnemonic, i.op_str))

Which outputs vstr d0, [r0, #-0] when it should be ldmia r5!, {} and lsrs r0, r0, #12.

[E3V3A]

Yep, wish I could help you!

[Rot127]

./cstool thumb 0x000b gives me:

 0  00 0b  lsrs	r0, r0, #0xc

0x00cd seems to be an invalid instruction. Also in LLVM:

000003fc <_start>:
     3fc: cd00         	<unknown>
     3fe: 0b00         	lsrs	r0, r0, #0xc

But indeed, disassembling four bytes results in no valid instrucitons:

./cstool -d thumb 0x00cd000b
ERROR: invalid assembly code

Possibly if disasm() returns 0 for the first two bytes it just exits without looking at the following?