From 688a21cfbd4975d6eb1695ff7c8812e9a595170d Mon Sep 17 00:00:00 2001
From: jdh8d <jdh8d@git.zephyr-software.com>
Date: Tue, 1 Aug 2017 18:57:15 +0000
Subject: [PATCH] Former-commit-id: a690f4ce4f2c852248cd1e4aee434f9fd61a73fc

---
 libIRDB/test/fill_in_indtargs.cpp | 54 +++++++++++++++++++++++++------
 1 file changed, 44 insertions(+), 10 deletions(-)

diff --git a/libIRDB/test/fill_in_indtargs.cpp b/libIRDB/test/fill_in_indtargs.cpp
index a6bb2813e..ccb550a9f 100644
--- a/libIRDB/test/fill_in_indtargs.cpp
+++ b/libIRDB/test/fill_in_indtargs.cpp
@@ -1166,7 +1166,25 @@ I5-2   	0x00000000000b93bf <+59>:	lea    rax,[rip+0x1f33a]        # 0xd8700
    	0x00000000000b93c6 <+66>:	add    rax,rdx
    	0x00000000000b93c9 <+69>:	jmp    rax
 
-Since I6 doesn't access memory, do another backup until with to verify a 
+Note: Since I6 doesn't access memory, do another backup until with to verify address format 
+
+Alternate version 2:
+
+	   0xdcf7 <+7>:	mov    r8,QWORD PTR [rdi+0xa0]
+	   0xdcfe <+14>:	cmp    r8,rax
+	   0xdd01 <+17>:	jbe    0xdd5c <httpd_got_request+108>
+	   0xdd03 <+19>:	mov    r9,QWORD PTR [rdi+0x90]
+I5	   0xdd0a <+26>:	lea    rcx,[rip+0x2a427]        # 0x38138
+	   0xdd11 <+33>:	cmp    DWORD PTR [rdi+0xb0],0xb
+	   0xdd18 <+40>:	movzx  edx,BYTE PTR [r9+rax*1]
+	   0xdd1d <+45>:	ja     0xdd4c <httpd_got_request+92>
+	   0xdd1f <+47>:	mov    esi,DWORD PTR [rdi+0xb0]
+I6	   0xdd25 <+53>:	movsxd rsi,DWORD PTR [rcx+rsi*4]
+I7	   0xdd29 <+57>:	add    rsi,rcx
+I8	   0xdd2c <+60>:	jmp    rsi
+
+Note: Here the operands of the add are reversed, so lookup code was not finding I5 where it was expected.
+
 
 #endif
 
@@ -1174,7 +1192,7 @@ Since I6 doesn't access memory, do another backup until with to verify a
 	// for now, only trying to find I4-I8.  ideally finding I1 would let us know the size of the
 	// jump table.  We'll figure out N by trying targets until they fail to produce something valid.
 
-	string table_index_str, cmp_str;
+	string table_index_str;
 	Instruction_t* I8=insn;
 	Instruction_t* I7=NULL;
 	Instruction_t* I6=NULL;
@@ -1206,7 +1224,8 @@ Since I6 doesn't access memory, do another backup until with to verify a
 	table_index_str += disasm.Argument1.ArgMnemonic;
 	table_index_str += ")";
 
-	cmp_str = string("cmp ") + disasm.Argument1.ArgMnemonic;
+	const auto cmp_str = string("cmp ") + disasm.Argument1.ArgMnemonic;
+	const auto cmp_str2 = string("cmp ") + disasm.Argument2.ArgMnemonic;
 
 	if(!backup_until(table_index_str.c_str(), I7, I8))
 		return;
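Review bot: The `cmp_str2` pattern built at `const auto cmp_str2 = string("cmp ") + disasm.Argument2.ArgMnemonic;` is only meaningful if `disasm` describes a two-operand instruction; the search for I7 at `backup_until(table_index_str.c_str(), I7, I8)` starts from I8 before I7 is known, which suggests `disasm` is I8's `jmp`, and a single-operand `jmp rsi` has no second operand, so the pattern would likely degenerate to `"cmp "` and match any compare found walking back from I8. That would explain why the "Alternate version 2" listing above now resolves — its bound check `cmp DWORD PTR [rdi+0xb0],0xb` would be hit by the empty-register prefix — but it equally accepts an unrelated `cmp` carrying some immediate as the table bound, and in a rewriter that pins indirect targets a wrong bound becomes a wrong target set. If that is the case, guard the pattern: `const string arg2 = disasm.Argument2.ArgMnemonic;` then `const auto cmp_str2 = arg2.empty() ? string() : string("cmp ") + arg2;`, and skip the second `backup_until` when `cmp_str2` is empty. Either way a comment naming which instruction `disasm` describes and why a second operand is tried at all would help the next reader, e.g. `// I7's operand order varies (see "Alternate version 2"), so also try a bound check on the other operand`. The enclosing function starts before this hunk and continues past it.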
@@ -1344,22 +1363,37 @@ Since I6 doesn't access memory, do another backup until with to verify a
 			continue;
 
 		int table_size = 0;
-		if(!backup_until(cmp_str.c_str(), I1, I8))
+		if(backup_until(cmp_str.c_str(), I1, I8))
 		{
-			cout<<"pic64: could not find size of switch table"<<endl;
-
-			// we set the table_size variable to max_int so that we can still do pinning, 
-			// but we won't do the switch identification.
-			table_size=std::numeric_limits<int>::max();
+			DISASM d1;
+			I1->Disassemble(d1);
+			table_size = d1.Instruction.Immediat;
+			if (table_size <= 0)
+			{
+				cout<<"pic64: found I1 ('"<<d1.CompleteInstr<<"'), but could not find size of switch table"<<endl;
+				// set table_size to be very large, so we can still do pinning appropriately
+				table_size=std::numeric_limits<int>::max();
+			}
 		}
-		else
+		else if(backup_until(cmp_str2.c_str(), I1, I8))
 		{
 			DISASM d1;
 			I1->Disassemble(d1);
 			table_size = d1.Instruction.Immediat;
 			if (table_size <= 0)
+			{
 				// set table_size to be very large, so we can still do pinning appropriately
+				cout<<"pic64: found I1 ('"<<d1.CompleteInstr<<"'), but could not find size of switch table"<<endl;
 				table_size=std::numeric_limits<int>::max();
+			}
+		}
+		else
+		{
+			cout<<"pic64: could not find size of switch table"<<endl;
+
+			// we set the table_size variable to max_int so that we can still do pinning, 
+			// but we won't do the switch identification.
+			table_size=std::numeric_limits<int>::max();
 		}
 
 		set<Instruction_t *> ibtargets;
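Review bot: The two accepted branches at `if(backup_until(cmp_str.c_str(), I1, I8))` and `else if(backup_until(cmp_str2.c_str(), I1, I8))` have identical bodies apart from the order of the log line and the comment; folding them behind a single `||` keeps the same short-circuit order (the second search still runs only when the first fails) and removes the copy. Presumably `Instruction.Immediat` is 0 for a `cmp` with no immediate (as in `cmp r8,rax` in the listing above), so the `<= 0` test is what keeps such a match from yielding a zero-size table — worth a comment, since it is not obvious that the check does double duty. If the code that consumes `table_size` (outside this hunk) treats it as an entry count, note that `cmp ...,0xb` followed by `ja` admits indices 0..0xb, one more than the immediate; whether the bound is inclusive depends on the conditional jump, which is not examined here. The assignment `table_size = d1.Instruction.Immediat;` also narrows if `Immediat` is wider than `int`, so a value above INT_MAX would wrap before the `<= 0` check. The enclosing loop and function begin before and end after this hunk.
```cpp
		int table_size = 0;
		// I7's operand order varies (see "Alternate version 2" above), so try a
		// bound check on either operand of the add; the first match wins.
		const bool found_I1 = backup_until(cmp_str.c_str(), I1, I8) ||
		                      backup_until(cmp_str2.c_str(), I1, I8);
		if(found_I1)
		{
			DISASM d1;
			I1->Disassemble(d1);
			// Immediat is presumably 0 when the cmp carries no immediate (reg,reg),
			// so the <= 0 test below also rejects that case.
			table_size = d1.Instruction.Immediat;
			if (table_size <= 0)
			{
				cout<<"pic64: found I1 ('"<<d1.CompleteInstr<<"'), but could not find size of switch table"<<endl;
				// set table_size to be very large, so we can still do pinning appropriately
				table_size=std::numeric_limits<int>::max();
			}
		}
		else
		{
			cout<<"pic64: could not find size of switch table"<<endl;

			// we set the table_size variable to max_int so that we can still do pinning, 
			// but we won't do the switch identification.
			table_size=std::numeric_limits<int>::max();
		}
		// … unchanged: ibtargets set and the target-probing loop that follows …
```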
-- 
GitLab