Meaning of BND RET in x86
The BND prefix is part of Intel MPX (Memory Protection Extensions) and indicates the return target (or in general the branch target, as BND can be applied to any control flow instruction) should be checked against the bounds specified in the BND0 to BND3 registers, else an exception will be generated -- indicating a potential stack overflow, programming error or malicious code attack.
On processors that do not support Intel MPX, or when MPX is disabled, the BND prefix behaves as a no-op, so there is no need to compile two versions of the code (one with and one without BND prefixes).
Note that the encoding of the BND prefix is the same as that of the REPNE prefix (both are F2h), so older disassemblers that don't know about MPX yet may show this instruction sequence as REPNE RET (or REPNE JMP, REPNE CALL, etc.). This use is unrelated to the REP RET idiom, where the prefix is assumed to have no-op behavior and is used purely to work around a performance issue on older CPUs.