authordgarrett@chromium.org <dgarrett@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-11-09 02:15:48 +0000
committerdgarrett@chromium.org <dgarrett@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-11-09 02:15:48 +0000
commit17b5edc5f1ea6ad35ad96cd16cf9d83e1e62f8a1 (patch)
treea84c3576bfdbbbd61723d82aaf43072aacbd112b
parent317c58f013e2f180a2ba263326d18963583db60e (diff)
Fix two pointer arithmetic errors.
In the heuristic for detecting relative references, we had two non-fatal, but sub-optimal mistakes with pointer arithmetic. This fixes them for both ELF 32 and Win 32. BUG=chromiumos:22677 Review URL: http://codereview.chromium.org/8501023 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@109172 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--courgette/disassembler_elf_32_x86.cc6
-rw-r--r--courgette/disassembler_elf_32_x86_unittest.cc2
-rw-r--r--courgette/disassembler_win32_x86.cc6
3 files changed, 7 insertions, 7 deletions
diff --git a/courgette/disassembler_elf_32_x86.cc b/courgette/disassembler_elf_32_x86.cc
index 871cdb7..181f6a3 100644
--- a/courgette/disassembler_elf_32_x86.cc
+++ b/courgette/disassembler_elf_32_x86.cc
@@ -549,12 +549,12 @@ CheckBool DisassemblerElf32X86::ParseRel32RelocsFromSection(
// addressing mode?
const uint8* rel32 = NULL;
- if (p + 5 < end_pointer) {
+ if (p + 5 <= end_pointer) {
if (*p == 0xE8 || *p == 0xE9) { // jmp rel32 and call rel32
rel32 = p + 1;
}
}
- if (p + 6 < end_pointer) {
+ if (p + 6 <= end_pointer) {
if (*p == 0x0F && (*(p+1) & 0xF0) == 0x80) { // Jcc long form
if (p[1] != 0x8A && p[1] != 0x8B) // JPE/JPO unlikely
rel32 = p + 2;
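Review bot: The corrected checks still compute `p + 5` and `p + 6` before comparing them with end_pointer, and when p sits within the last few bytes of the section that pointer lies more than one element past the end, which is undefined pointer arithmetic even though only the comparison is done with it. Comparing the remaining length instead, `if (end_pointer - p >= 5) {` and `if (end_pointer - p >= 6) {`, keeps the same bound (an instruction ending exactly at end_pointer is now accepted) without forming an out-of-range pointer, assuming the enclosing loop keeps p <= end_pointer, which is not visible here. Since this loop walks section bytes taken from an input executable, the exact bound matters: the `*(p+1)` read on the Jcc branch is only safe because the 6-byte check precedes it, and a comment such as `// E8/E9 + rel32 is 5 bytes, 0F 8x + rel32 is 6 bytes; both must fit before end_pointer` would make that dependency explicit. The identical change in disassembler_win32_x86.cc has the same issue. ParseRel32RelocsFromSection starts before this hunk and continues after it.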
@@ -571,7 +571,7 @@ CheckBool DisassemblerElf32X86::ParseRel32RelocsFromSection(
#if COURGETTE_HISTOGRAM_TARGETS
++rel32_target_rvas_[target_rva];
#endif
- p += 4;
+ p = rel32 + 4;
continue;
}
}
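Review bot: `p = rel32 + 4` relies on rel32 being non-null at this point, which must be established by a check above the hunk that is not visible here; a one-line comment would make the intent clear to the next reader: `// Step over the whole instruction (opcode + displacement) so the displacement bytes are never rescanned as opcodes.` The old `p += 4` left one or two displacement bytes to be re-examined, so the comment also records why the previous form was wrong. The same note applies to the matching hunk in disassembler_win32_x86.cc. The enclosing loop body and ParseRel32RelocsFromSection begin before this hunk.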
diff --git a/courgette/disassembler_elf_32_x86_unittest.cc b/courgette/disassembler_elf_32_x86_unittest.cc
index 85c8e26..2624985 100644
--- a/courgette/disassembler_elf_32_x86_unittest.cc
+++ b/courgette/disassembler_elf_32_x86_unittest.cc
@@ -67,5 +67,5 @@ void DisassemblerElf32X86Test::TestExe(const char* file_name,
}
TEST_F(DisassemblerElf32X86Test, All) {
- TestExe("elf-32-1", 200, 3441);
+ TestExe("elf-32-1", 200, 3442);
}
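Review bot: The only observable effect of the fix recorded here is the expected count moving from 3441 to 3442, which presumably reflects one more rel32 found at a section end once the `<=` bound is used; nothing in the test pins the `p = rel32 + 4` advance, which changes where scanning resumes rather than how many references are found. A small fixture whose last bytes are an E8 or 0F 8x instruction ending exactly at the section boundary, plus one where the displacement bytes happen to look like an opcode, would lock both behaviours in. TestExe's parameters are declared outside the hunk, so the meaning of the third argument is inferred.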
diff --git a/courgette/disassembler_win32_x86.cc b/courgette/disassembler_win32_x86.cc
index 10d7e4b..f182062 100644
--- a/courgette/disassembler_win32_x86.cc
+++ b/courgette/disassembler_win32_x86.cc
@@ -466,12 +466,12 @@ void DisassemblerWin32X86::ParseRel32RelocsFromSection(const Section* section) {
// addressing mode?
const uint8* rel32 = NULL;
- if (p + 5 < end_pointer) {
+ if (p + 5 <= end_pointer) {
if (*p == 0xE8 || *p == 0xE9) { // jmp rel32 and call rel32
rel32 = p + 1;
}
}
- if (p + 6 < end_pointer) {
+ if (p + 6 <= end_pointer) {
if (*p == 0x0F && (*(p+1) & 0xF0) == 0x80) { // Jcc long form
if (p[1] != 0x8A && p[1] != 0x8B) // JPE/JPO unlikely
rel32 = p + 2;
@@ -503,7 +503,7 @@ void DisassemblerWin32X86::ParseRel32RelocsFromSection(const Section* section) {
#if COURGETTE_HISTOGRAM_TARGETS
++rel32_target_rvas_[target_rva];
#endif
- p += 4;
+ p = rel32 + 4;
continue;
}
}