author | dgarrett@chromium.org <dgarrett@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-09 02:15:48 +0000 |
---|---|---|
committer | dgarrett@chromium.org <dgarrett@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-09 02:15:48 +0000 |
commit | 17b5edc5f1ea6ad35ad96cd16cf9d83e1e62f8a1 (patch) | |
tree | a84c3576bfdbbbd61723d82aaf43072aacbd112b /courgette | |
parent | 317c58f013e2f180a2ba263326d18963583db60e (diff) | |
Fix two pointer arithmetic errors.
In the heuristic for detecting relative references, we had two non-fatal, but
sub-optimal mistakes with pointer arithmetic. This fixes them for both
ELF 32 and Win 32.
BUG=chromiumos:22677
Review URL: http://codereview.chromium.org/8501023
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@109172 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'courgette')
-rw-r--r-- | courgette/disassembler_elf_32_x86.cc | 6 | ||||
-rw-r--r-- | courgette/disassembler_elf_32_x86_unittest.cc | 2 | ||||
-rw-r--r-- | courgette/disassembler_win32_x86.cc | 6 |
3 files changed, 7 insertions, 7 deletions
diff --git a/courgette/disassembler_elf_32_x86.cc b/courgette/disassembler_elf_32_x86.cc
index 871cdb7..181f6a3 100644
--- a/courgette/disassembler_elf_32_x86.cc
+++ b/courgette/disassembler_elf_32_x86.cc
@@ -549,12 +549,12 @@ CheckBool DisassemblerElf32X86::ParseRel32RelocsFromSection(
 // addressing mode?
 const uint8* rel32 = NULL;
- if (p + 5 < end_pointer) {
+ if (p + 5 <= end_pointer) {
 if (*p == 0xE8 || *p == 0xE9) { // jmp rel32 and call rel32
 rel32 = p + 1;
 }
 }
- if (p + 6 < end_pointer) {
+ if (p + 6 <= end_pointer) {
 if (*p == 0x0F && (*(p+1) & 0xF0) == 0x80) { // Jcc long form
 if (p[1] != 0x8A && p[1] != 0x8B) // JPE/JPO unlikely
 rel32 = p + 2;
@@ -571,7 +571,7 @@ CheckBool DisassemblerElf32X86::ParseRel32RelocsFromSection(
 #if COURGETTE_HISTOGRAM_TARGETS
 ++rel32_target_rvas_[target_rva];
 #endif
- p += 4;
+ p = rel32 + 4;
 continue;
 }
 }
diff --git a/courgette/disassembler_elf_32_x86_unittest.cc b/courgette/disassembler_elf_32_x86_unittest.cc
index 85c8e26..2624985 100644
--- a/courgette/disassembler_elf_32_x86_unittest.cc
+++ b/courgette/disassembler_elf_32_x86_unittest.cc
@@ -67,5 +67,5 @@ void DisassemblerElf32X86Test::TestExe(const char* file_name,
 }
 TEST_F(DisassemblerElf32X86Test, All) {
- TestExe("elf-32-1", 200, 3441);
+ TestExe("elf-32-1", 200, 3442);
 }
diff --git a/courgette/disassembler_win32_x86.cc b/courgette/disassembler_win32_x86.cc
index 10d7e4b..f182062 100644
--- a/courgette/disassembler_win32_x86.cc
+++ b/courgette/disassembler_win32_x86.cc
@@ -466,12 +466,12 @@ void DisassemblerWin32X86::ParseRel32RelocsFromSection(const Section* section) {
 // addressing mode?
 const uint8* rel32 = NULL;
- if (p + 5 < end_pointer) {
+ if (p + 5 <= end_pointer) {
 if (*p == 0xE8 || *p == 0xE9) { // jmp rel32 and call rel32
 rel32 = p + 1;
 }
 }
- if (p + 6 < end_pointer) {
+ if (p + 6 <= end_pointer) {
 if (*p == 0x0F && (*(p+1) & 0xF0) == 0x80) { // Jcc long form
 if (p[1] != 0x8A && p[1] != 0x8B) // JPE/JPO unlikely
 rel32 = p + 2;
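Review bot: The new guards `p + 5 <= end_pointer` and `p + 6 <= end_pointer` still form a pointer that can lie several bytes past the end of the section buffer before it is compared (with `p` one byte short of `end_pointer`, `p + 6` is five past the end), which is undefined pointer arithmetic in C++ and a bounds check that an optimizer is entitled to mis-fold; the identical two lines appear in the disassembler_win32_x86.cc hunk at -466. Comparing the remaining length avoids ever forming the out-of-range pointer: `if (end_pointer - p >= 5) {` and `if (end_pointer - p >= 6) {`, assuming `p <= end_pointer` holds on entry, which the loop condition outside the hunk presumably ensures. The switch to `<=` itself is right: an opcode plus a 4-byte displacement fits exactly when `p + 5 == end_pointer`. ParseRel32RelocsFromSection begins and ends outside the hunk.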
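Review bot: `p = rel32 + 4;` followed by `continue;` now steps over the whole instruction (rel32 is `p + 1` or `p + 2` in the hunk above, so this lands at `p + 5` or `p + 6`), which is correct only if the enclosing loop does not also advance `p` when `continue` is hit; the loop header is outside the hunk, so if it is a `for` with a `++p` step one byte after each recognized reference would never be examined. The same line appears in the disassembler_win32_x86.cc hunk at -503. A one-line comment would make the dependency explicit, e.g. `// Resume scanning after the 4-byte displacement (the loop does not advance p on continue).`, adjusted to match what the loop actually does.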
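Review bot: The expected count `3442` in `TestExe("elf-32-1", 200, 3442);` is a bare number whose connection to the fix is invisible to a reader; the increase by one presumably is the single rel32 that ends exactly at a section boundary and was rejected by the old `<` check. A comment on the call would tie the value to this change, e.g. `// 3442 rel32 sites: includes one ending exactly at a section boundary (3441 before the bounds fix).`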
@@ -503,7 +503,7 @@ void DisassemblerWin32X86::ParseRel32RelocsFromSection(const Section* section) {
 #if COURGETTE_HISTOGRAM_TARGETS
 ++rel32_target_rvas_[target_rva];
 #endif
- p += 4;
+ p = rel32 + 4;
 continue;
 }
 }