Crash case: Invalid read of size 8 in tb_flush_x86_64.

.gitignore

@@ -113,6 +113,7 @@ eflags_noset
 mem_map_large
 invalid_read_in_cpu_tb_exec
 invalid_write_in_cpu_tb_exec_x86_64
+x86_16_segfault
 
 
 #################

tests/regress/Makefile

@@ -18,6 +18,7 @@ TESTS += eflags_noset
 TESTS += mem_map_large
 TESTS += invalid_read_in_cpu_tb_exec
 TESTS += invalid_write_in_cpu_tb_exec_x86_64
+TESTS += x86_16_segfault
 
 all: $(TESTS)
 

tests/regress/x86_16_segfault.c

@@ -0,0 +1,22 @@
+#include <unicorn/unicorn.h>
+
+#define BINARY "\x90"
+#define MEMORY_SIZE 4 * 1024
+#define STARTING_ADDRESS 100 * 1024
+
+int main(int argc, char **argv, char **envp) {
+  uc_engine *uc;
+  if (uc_open(UC_ARCH_X86, UC_MODE_16, &uc)) {
+    printf("uc_open(…) failed\n");
+    return 1;
+  }
+  uc_mem_map(uc, STARTING_ADDRESS, MEMORY_SIZE, UC_PROT_ALL);
+  if (uc_mem_write(uc, STARTING_ADDRESS, BINARY, sizeof(BINARY) - 1)) {
+    printf("uc_mem_write(…) failed\n");
+    return 1;
+  }
+  printf("uc_emu_start(…)\n");
+  uc_emu_start(uc, STARTING_ADDRESS, STARTING_ADDRESS + sizeof(BINARY) - 1, 0, 20);
+  printf("done\n");
+  return 0;
+}