From 24f898fb58ae3fb7906ac766080daf5a7ea3ea59 Mon Sep 17 00:00:00 2001
From: mio <mio@lazym.io>
Date: Thu, 15 Feb 2024 15:22:32 +0800
Subject: [PATCH] Fix #1869

---
 qemu/target/i386/translate.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/qemu/target/i386/translate.c b/qemu/target/i386/translate.c
index 309cf548..f44ec8de 100644
--- a/qemu/target/i386/translate.c
+++ b/qemu/target/i386/translate.c
@@ -1490,12 +1490,13 @@ static void gen_op(DisasContext *s1, int op, MemOp ot, int d)
     TCGContext *tcg_ctx = s1->uc->tcg_ctx;
     uc_engine *uc = s1->uc;
 
+    /* Invalid lock prefix when destination is not memory or OP_CMPL. */
+    if ((d != OR_TMP0 || op == OP_CMPL) && s1->prefix & PREFIX_LOCK){
+        gen_illegal_opcode(s1);
+        return;
+    }
+
     if (d != OR_TMP0) {
-        if (s1->prefix & PREFIX_LOCK) {
-            /* Lock prefix when destination is not memory.  */
-            gen_illegal_opcode(s1);
-            return;
-        }
         gen_op_mov_v_reg(s1, ot, s1->T0, d);
     } else if (!(s1->prefix & PREFIX_LOCK)) {
         gen_op_ld_v(s1, ot, s1->T0, s1->A0);