From 9a2732f3e8854020da284532806bcc30b20402d8 Mon Sep 17 00:00:00 2001
From: jdh8d <jdh8d@git.zephyr-software.com>
Date: Mon, 14 Apr 2014 18:45:57 +0000
Subject: [PATCH] Updates to watch for pushes that are not in the prologue. 
 this likely makes functions not canary safe due to push/pops around call
 sites.

Former-commit-id: 6c93387c3bdf4a3a99720d6b30500acae1d393c5
---
 tools/transforms/OffsetInference.cpp        | 17 +++++++++++++++++
 tools/transforms/OffsetInference.hpp        |  1 +
 tools/transforms/PNStackLayoutInference.hpp |  1 +
 3 files changed, 19 insertions(+)

diff --git a/tools/transforms/OffsetInference.cpp b/tools/transforms/OffsetInference.cpp
index 96fe92392..b68dd266f 100644
--- a/tools/transforms/OffsetInference.cpp
+++ b/tools/transforms/OffsetInference.cpp
@@ -118,6 +118,8 @@ StackLayout* OffsetInference::SetupLayout(Function_t *func)
 	//until entry is null, or entry has left the function. 
 	while(entry != NULL && (entry->GetFunction()==func))
 	{
+
+		in_prologue[entry]=true;
 		string matched;
 
 		//Instruction_t* instr=*it;
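Review bot: The loop at the top of the hunk fills the member map `in_prologue`, but nothing in the visible code resets it before a new function is walked, so a long run accumulates one entry per prologue instruction across every function processed. Keys are `Instruction_t*`, so entries from a previous function should not collide with the current one unless instruction objects are freed and their addresses reused, which I cannot rule out from here. A reset at the start of `SetupLayout`, before this loop, keeps the map bounded by the current function: `in_prologue.clear();`. The enclosing `while` body and `SetupLayout` itself continue outside the hunk.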
@@ -514,6 +516,21 @@ pn_p1_offsets = new PNStackLayout("P1 Layout",func->GetName(),stack_frame_size,s
 }
 else 
 */
+
+	if(regexec(&(pn_regex->regex_push_anything), disasm_str.c_str(), max, pmatch, 0)==0)
+	{
+		if(!in_prologue[instr])
+		{
+			cerr<<"Found push instruction not in prologue, marking as not canary safe\n";
+			pn_direct_offsets->SetCanarySafe(false);
+			pn_scaled_offsets->SetCanarySafe(false);
+			pn_all_offsets->SetCanarySafe(false);
+			pn_p1_offsets->SetCanarySafe(false);
+			
+		}
+	}
+
+
 	/* check for an lea with an rsp in it -- needs to be done before other regex's */
 	if(regexec(&(pn_regex->regex_lea_rsp), disasm_str.c_str(), 5, pmatch, 0)==0)
 	{
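Review bot: The lookup `if(!in_prologue[instr])` uses `operator[]`, which default-inserts a `false` entry for every instruction that reaches this check, so the map grows by one node per non-prologue instruction scanned; `if(in_prologue.find(instr)==in_prologue.end())` answers the same question without inserting, or the member could be a `std::set<libIRDB::Instruction_t*>` (declared in OffsetInference.hpp in this same patch). The new `regexec` call passes `max` as the match count while the adjacent lea check on the next line passes `5`; `pmatch` and `max` are declared outside the hunk, so I cannot confirm they agree, but if `pmatch` has fewer than `max` slots this writes past the array. The comment just below says the lea check "needs to be done before other regex's", and this block now runs ahead of it; since the block has no early exit that is probably harmless, but a short comment stating why the push check may precede it would keep the next reader from reordering it. The enclosing function starts and ends outside the hunk.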
diff --git a/tools/transforms/OffsetInference.hpp b/tools/transforms/OffsetInference.hpp
index b040e1938..d332ecfc8 100644
--- a/tools/transforms/OffsetInference.hpp
+++ b/tools/transforms/OffsetInference.hpp
@@ -9,6 +9,7 @@
 class OffsetInference : public PNStackLayoutInference
 {
 protected:
+	std::map<libIRDB::Instruction_t*, bool> in_prologue;
 	std::map<libIRDB::Function_t*,PNStackLayout*> direct;
 	std::map<libIRDB::Function_t*,PNStackLayout*> scaled;
 	std::map<libIRDB::Function_t*,PNStackLayout*> all_offsets;
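Review bot: The new member `in_prologue` carries no comment, unlike its name suggests it is not a per-function flag but a per-instruction record written while `SetupLayout` walks the prologue and read when a push is seen elsewhere. A one-line comment above the declaration would say so: `// Instructions reached while walking a function's prologue in SetupLayout; a push outside this set marks the layouts as not canary safe.` If the map is only ever tested for membership, `std::set<libIRDB::Instruction_t*>` expresses that directly and avoids the default-inserted `false` values that `operator[]` lookups create.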
diff --git a/tools/transforms/PNStackLayoutInference.hpp b/tools/transforms/PNStackLayoutInference.hpp
index 45c827195..0e418d52d 100644
--- a/tools/transforms/PNStackLayoutInference.hpp
+++ b/tools/transforms/PNStackLayoutInference.hpp
@@ -6,6 +6,7 @@
 #include "StackLayout.hpp"
 #include "PNStackLayout.hpp"
 #include <string>
+#include <map>
 
 class PNStackLayoutInference
 {
-- 
GitLab