Further changes were needed

nonce_relocs.cpp

@@ -903,7 +903,16 @@ size_t NonceRelocs_t::DollopEntryOpeningSize(DollopEntry_t* entry)
 	if(!m_on)
 		return 0;
 
-	if(entry->Instruction()->GetIndirectBranchTargetAddress()==NULL)
+	bool isPinnedIBT =  (entry->Instruction()->GetIndirectBranchTargetAddress() != NULL)
+                          && (entry->Instruction()->GetIndirectBranchTargetAddress()->GetVirtualOffset() != 0);
+
+	// For correctness, we have to put non-exe nonces on unpinned IBTs 
+	// even if they have an exe nonce reloc,
+	// because its possible that a plt-style jump targets a return site.
+	// However I've never seen that, so at this point essentially all 
+	// unpinned IBTs with an exe nonce relocation don't need a non-exe nonce.
+	// Should we ignore the never-seen weird case to lower overhead?	
+	if(!isPinnedIBT)
 		return get_cfi_space(entry->Instruction());
 
 	return 0;
@@ -1049,7 +1058,17 @@ RangeAddress_t NonceRelocs_t::PlopDollopEntry(Zipr_SDK::DollopEntry_t *de,
 	}
 
 	// put down nonces and instruction
-	if(get_cfi_space(insn) > 0  && insn->GetIndirectBranchTargetAddress()==NULL)
+
+	bool isPinnedIBT =  (insn->GetIndirectBranchTargetAddress() != NULL)
+                          && (insn->GetIndirectBranchTargetAddress()->GetVirtualOffset() != 0);
+
+	// For correctness, we have to put non-exe nonces on unpinned IBTs 
+        // even if they have an exe nonce reloc,
+        // because its possible that a plt-style jump targets a return site.
+        // However I've never seen that, so at this point essentially all 
+        // unpinned IBTs with an exe nonce relocation don't need a non-exe nonce.
+        // Should we ignore the never-seen weird case to lower overhead?        
+        if(get_cfi_space(insn) > 0 && !isPinnedIBT)
 	{
 		unsigned int cfi_space=get_cfi_space(insn);