PC-relative read in indirect jump was not modified during relocation #133
Assignees
Labels
Comments
|
The indirect jump is an indirect tail call and should be treated as an indirect call during relocation. The current code only checks information from instructionAPI to determine whether an instruction is call or not, so our current code would wrongly claim that this indirect jump is not an indirect call. I add code to check whether the relocation block ends with an indirect tail call. Victor has confirmed that the my fix solves his issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reported by Victor van der Veen.
When relocating the following function
000000000089c550 <uv__malloc>:89c550: 55 push %rbp89c551: 48 89 e5 mov %rsp,%rbp89c554: 5d pop %rbp89c555: ff 25 55 5d 41 00 jmpq *0x415d55(%rip) # cb22b0 <uv__allocator.0>the indirect jump at "89c555" contains a PC-relative memory reference and the address of the memory access should be compensated after relocation, which does not happen.
I am able to reproduce this bug on current master with the provided mutator and mutatee.
The text was updated successfully, but these errors were encountered: