[compiler-rt] Fix incorrect handling of indirect load.

bergeret · bergeret · commit 30e6ecf184a2 · 2016-07-18T19:50:55.000Z
Summary: Indirect load are relative offset from RIP. The current trampoline implementation is incorrectly copying these instructions which make some unittests crashing. This patch is not fixing the unittests but it's fixing the crashes. The functions are no longer hooked. Patches will come soon to fix these unittests. Reviewers: rnk Subscribers: llvm-commits, wang0109, chrisha Differential Revision: https://reviews.llvm.org/D22410 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@275892 91177308-0d34-0410-b5e6-96231b3b80d8
diff --git a/lib/interception/interception_win.cc b/lib/interception/interception_win.cc
@@ -410,7 +410,6 @@ static size_t GetInstructionSize(uptr address) {
 
     case 0xb8:  // b8 XX XX XX XX : mov eax, XX XX XX XX
     case 0xB9:  // b9 XX XX XX XX : mov ecx, XX XX XX XX
-    case 0xA1:  // A1 XX XX XX XX : mov eax, dword ptr ds:[XXXXXXXX]
       return 5;
 
     // Cannot overwrite control-instruction. Return 0 to indicate failure.
@@ -453,6 +452,12 @@ static size_t GetInstructionSize(uptr address) {
   }
 
 #if SANITIZER_WINDOWS64
+  switch (*(u8*)address) {  
+    case 0xA1:  // A1 XX XX XX XX XX XX XX XX :
+                //   movabs eax, dword ptr ds:[XXXXXXXX]
+      return 8;
+  }
+
   switch (*(u16*)address) {
     case 0x5040:  // push rax
     case 0x5140:  // push rcx
@@ -500,7 +505,12 @@ static size_t GetInstructionSize(uptr address) {
                       //   mov rax, QWORD PTR [rip + XXXXXXXX]
     case 0x25ff48:    // 48 ff 25 XX XX XX XX :
                       //   rex.W jmp QWORD PTR [rip + XXXXXXXX]
-      return 7;
+      // Instructions having offset relative to 'rip' cannot be copied.
+      return 0;    
+
+    case 0x2444c7:    // C7 44 24 XX YY YY YY YY
+                      //   mov dword ptr [rsp + XX], YYYYYYYY
+      return 8;
   }
 
   switch (*(u32*)(address)) {
@@ -513,6 +523,10 @@ static size_t GetInstructionSize(uptr address) {
 
 #else
 
+  switch (*(u8*)address) {
+    case 0xA1:  // A1 XX XX XX XX :  mov eax, dword ptr ds:[XXXXXXXX]
+      return 5;
+  }
   switch (*(u16*)address) {
     case 0x458B:  // 8B 45 XX : mov eax, dword ptr [ebp + XX]
     case 0x5D8B:  // 8B 5D XX : mov ebx, dword ptr [ebp + XX]
