Merge pull request #96 from peace-maker/verify_far_jumps
Detect jumps past the end of the function
dvander committed Aug 28, 2016
2 parents 79366c7 + 796d774 commit 4358a25
Showing 2 changed files with 12 additions and 0 deletions.
11 changes: 11 additions & 0 deletions vm/method-verifier.cpp
Expand Up @@ -29,6 +29,7 @@ MethodVerifier::MethodVerifier(PluginRuntime* rt, uint32_t startOffset)
code_(nullptr),
cip_(nullptr),
stop_at_(nullptr),
highest_jump_target_(nullptr),
error_(SP_ERROR_NONE)
{
assert(datSize_ < memSize_);
Expand Down Expand Up @@ -69,6 +70,12 @@ MethodVerifier::verify()
return false;
}

// Jumps past the method boundaries are invalid.
if (highest_jump_target_ && highest_jump_target_ >= cip_) {
reportError(SP_ERROR_INSTRUCTION_PARAM);
return false;
}

return true;
}

Expand Down Expand Up @@ -527,6 +534,10 @@ MethodVerifier::verifyJumpOffset(cell_t offset)
reportError(SP_ERROR_INSTRUCTION_PARAM);
return false;
}

if (!highest_jump_target_ || highest_jump_target_ < target)
highest_jump_target_ = target;

return true;
}

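Review bot: The new bound in verify(), `highest_jump_target_ >= cip_`, is only correct if `cip_` sits exactly one past the method's last instruction when that line runs, and nothing in the visible code states that invariant. I would document it at the check, e.g. `// cip_ is now one past the last verified instruction; every recorded jump target must lie strictly below it.`, and add a short comment on the member explaining that it is the maximum target recorded by verifyJumpOffset(). Separately, an upper-bound comparison does not by itself show that a target lands on an instruction boundary rather than inside an operand. The earlier checks in verifyJumpOffset() are outside the hunk, so please confirm that case is rejected there. Both verify() and verifyJumpOffset() begin outside the hunks shown.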
1 change: 1 addition & 0 deletions vm/method-verifier.h
Expand Up @@ -64,6 +64,7 @@ class MethodVerifier final
const cell_t* method_;
const cell_t* cip_;
const cell_t* stop_at_;
const cell_t* highest_jump_target_;
ExternalFuncRefCallback collect_func_refs_;
int error_;
};