diff options
| author | Etienne Bergeron <etienneb@google.com> | 2016-07-18 19:50:55 +0000 |
|---|---|---|
| committer | Etienne Bergeron <etienneb@google.com> | 2016-07-18 19:50:55 +0000 |
| commit | a81a44ffd461464e0bc89c611a766eba019bff9b (patch) | |
| tree | a1e204b88f7d43ed4c26e1e93768f1118cf2852e /compiler-rt/lib/interception | |
| parent | ea5b72825b52b3063ecaab135c9594d087f16a08 (diff) | |
| download | bcm5719-llvm-a81a44ffd461464e0bc89c611a766eba019bff9b.tar.gz bcm5719-llvm-a81a44ffd461464e0bc89c611a766eba019bff9b.zip | |
[compiler-rt] Fix incorrect handling of indirect load.
Summary:
Indirect load are relative offset from RIP.
The current trampoline implementation is incorrectly
copying these instructions which make some unittests
crashing.
This patch is not fixing the unittests but it's fixing
the crashes. The functions are no longer hooked.
Patches will come soon to fix these unittests.
Reviewers: rnk
Subscribers: llvm-commits, wang0109, chrisha
Differential Revision: https://reviews.llvm.org/D22410
llvm-svn: 275892
Diffstat (limited to 'compiler-rt/lib/interception')
| -rw-r--r-- | compiler-rt/lib/interception/interception_win.cc | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/compiler-rt/lib/interception/interception_win.cc b/compiler-rt/lib/interception/interception_win.cc index 13d42cfd3ab..8d6d3b00e16 100644 --- a/compiler-rt/lib/interception/interception_win.cc +++ b/compiler-rt/lib/interception/interception_win.cc @@ -410,7 +410,6 @@ static size_t GetInstructionSize(uptr address) { case 0xb8: // b8 XX XX XX XX : mov eax, XX XX XX XX case 0xB9: // b9 XX XX XX XX : mov ecx, XX XX XX XX - case 0xA1: // A1 XX XX XX XX : mov eax, dword ptr ds:[XXXXXXXX] return 5; // Cannot overwrite control-instruction. Return 0 to indicate failure. @@ -453,6 +452,12 @@ static size_t GetInstructionSize(uptr address) { } #if SANITIZER_WINDOWS64 + switch (*(u8*)address) { + case 0xA1: // A1 XX XX XX XX XX XX XX XX : + // movabs eax, dword ptr ds:[XXXXXXXX] + return 8; + } + switch (*(u16*)address) { case 0x5040: // push rax case 0x5140: // push rcx @@ -500,7 +505,12 @@ static size_t GetInstructionSize(uptr address) { // mov rax, QWORD PTR [rip + XXXXXXXX] case 0x25ff48: // 48 ff 25 XX XX XX XX : // rex.W jmp QWORD PTR [rip + XXXXXXXX] - return 7; + // Instructions having offset relative to 'rip' cannot be copied. + return 0; + + case 0x2444c7: // C7 44 24 XX YY YY YY YY + // mov dword ptr [rsp + XX], YYYYYYYY + return 8; } switch (*(u32*)(address)) { @@ -513,6 +523,10 @@ static size_t GetInstructionSize(uptr address) { #else + switch (*(u8*)address) { + case 0xA1: // A1 XX XX XX XX : mov eax, dword ptr ds:[XXXXXXXX] + return 5; + } switch (*(u16*)address) { case 0x458B: // 8B 45 XX : mov eax, dword ptr [ebp + XX] case 0x5D8B: // 8B 5D XX : mov ebx, dword ptr [ebp + XX] |
