fix: Allow Windows CFI to underflow #645
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We have seen some SaveNonVolatile unwind operations underflow the current stack frame, so they are saving/loading registers into the callers stack frame.
For example `VCRUNTIME140.dll!__C_specific_handler` can do this.
Its full Unwind Operations look like this:
```
Function Table:
Start Address: 0xbff0
End Address: 0xc1eb
Unwind Info Address: 0x10138
Version: 1
Flags: 0
Size of prolog: 28
Number of Codes: 12
No frame pointer used
Unwind Codes:
0x1c: UOP_SaveNonVol RSI [0x0080]
0x1c: UOP_SaveNonVol RBP [0x0078]
0x1c: UOP_SaveNonVol RBX [0x0070]
0x1c: UOP_AllocSmall 64
0x18: UOP_PushNonVol R15
0x16: UOP_PushNonVol R14
0x14: UOP_PushNonVol R13
0x12: UOP_PushNonVol R12
0x10: UOP_PushNonVol RDI
```
We previously used saturating_sub to clamp these offsets to 0, meaning things are loaded from the current stack frame instead of from the callers frame. Now we correctly generate ASCII CFI for these Unwind Codes.
kamilogorek
reviewed
Aug 2, 2022
| @@ -1074,7 +1080,8 @@ impl<W: Write> AsciiCfiWriter<W> { | |||
| " {}: {} {} + ^", | |||
| reg.name(), | |||
| unwind_info.frame_register.name(), | |||
| offset.saturating_sub(unwind_info.frame_register_offset) | |||
| offset.wrapping_sub(unwind_info.frame_register_offset) | |||
| as i32 | |||
There was a problem hiding this comment.
Ugh, thats ugly wrapping :3
kamilogorek
approved these changes
Aug 2, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We have seen some SaveNonVolatile unwind operations underflow the current stack frame, so they are saving/loading registers into the callers stack frame.
For example
VCRUNTIME140.dll!__C_specific_handlercan do this.Its full Unwind Operations look like this:
We previously used saturating_sub to clamp these offsets to 0, meaning things are loaded from the current stack frame instead of from the callers frame. Now we correctly generate ASCII CFI for these Unwind Codes.
This fixes one pre-condition of #638, namely that it depends on
$rbpwhich is loaded from the above unwind codes, thus outside its own stack frame.