A bug in the Pentium-class CPUs by Intel.

When the Pentium receives the instruction F0 0F C7 C8 (hexadecimal), it takes down the system.

I personally don't speak machine code, nor assembly, but from what I can make of it, this instructions generates an error on the CPU that would normally cause a program to crash, to prevent harm. In this case, the program is non-existent, and the CPU will crash itself.

Most operating systems have already "fixed" this bug, by working around it.

Here's a snippet of C-code, to try it out, and to show how easy it is to crash a system, if it is badly designed.

char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 };

main ()
       void (*f)() = x;

This is a serious bug in the Pentium and Pentium MMX processors from Intel. The bug was discovered in the end of 1997. There are workarounds for this bug, and they are implemented for example in Linux, Windows 95/98 and Windows NT.

The full instruction is F0 0F C7 C8. This corresponds to LOCK CMPXCHG8B EAX. The instruction is invalid, because CMPXCHG8B works on 64-bit data, and therefore can not have a 32-bit register as destination operand. This should result in an Undefined Instruction (UD) exception, but the LOCK prefix incorrectly locks the bus when the processor tries to read the UD handler address. This causes the processor to hang.

The bug is serious because any normal user on the computer could execute a program with this instruction, and hang the computer. This is especially bad when the computer has multiple users, for example a Linux server.


Log in or register to write something here or to contact authors.