[PATCH] D22410: [compiler-rt] Fix incorrect handling of indirect load.

Fri Jul 15 07:50:14 PDT 2016

etienneb created this revision.
etienneb added a reviewer: rnk.
etienneb added subscribers: chrisha, wang0109, llvm-commits.

Indirect load are relative offset from RIP.

The current trampoline implementation is incorrectly
copying these instructions which make some unittests
crashing.

This patch is not fixing the unittests but it's fixing
the crashes. The functions are no longer hooked.

Patches will come soon to fix these unittests.

https://reviews.llvm.org/D22410

Files:
  lib/interception/interception_win.cc

Index: lib/interception/interception_win.cc
===================================================================

--- lib/interception/interception_win.cc
+++ lib/interception/interception_win.cc
@@ -410,7 +410,6 @@
 
     case 0xb8:  // b8 XX XX XX XX : mov eax, XX XX XX XX
     case 0xB9:  // b9 XX XX XX XX : mov ecx, XX XX XX XX
-    case 0xA1:  // A1 XX XX XX XX : mov eax, dword ptr ds:[XXXXXXXX]
       return 5;
 
     // Cannot overwrite control-instruction. Return 0 to indicate failure.
@@ -453,6 +452,11 @@
   }
 
 #if SANITIZER_WINDOWS64
+  switch (*(u8*)address) {
+    case 0xA1:  // A1 XX XX XX XX XX XX XX XX :
+                //   movabs eax, dword ptr ds:[XXXXXXXX]
+      return 8;
+  }
   switch (*(u16*)address) {
     case 0x5040:  // push rax
     case 0x5140:  // push rcx
@@ -500,7 +504,12 @@
                       //   mov rax, QWORD PTR [rip + XXXXXXXX]
     case 0x25ff48:    // 48 ff 25 XX XX XX XX :
                       //   rex.W jmp QWORD PTR [rip + XXXXXXXX]
-      return 7;
+      // Instructions having offset relative to 'rip' cannot be copied.
+      return 0;
+
+    case 0x2444c7:    // C7 44 24 XX YY YY YY YY
+                      //   mov dword ptr [rsp + XX], YYYYYYYY
+      return 8;
   }
 
   switch (*(u32*)(address)) {
@@ -512,7 +521,10 @@
   }
 
 #else
-
+  switch (*(u8*)address) {
+    case 0xA1:  // A1 XX XX XX XX :  mov eax, dword ptr ds:[XXXXXXXX]
+      return 5;
+  }
   switch (*(u16*)address) {
     case 0x458B:  // 8B 45 XX : mov eax, dword ptr [ebp + XX]
     case 0x5D8B:  // 8B 5D XX : mov ebx, dword ptr [ebp + XX]


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D22410.64141.patch
Type: text/x-patch
Size: 1587 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160715/1cb60a95/attachment.bin>
