Files · ecbf2c4b314b07c7d4472be0a01b17c92007a9c7 · Chen Yisong / swiftshader

Subzero: Fix x86-64 memory sandboxing. · ecbf2c4b

authored Jun 25, 2016

Commit 2e4b960b (https://codereview.chromium.org/2084793002), which made address mode inference more aggressive, exposed a long-standing bug in memory sandboxing, which now manifests in 164.gzip.

The problem is in sandboxed code like this:

movl %eax, %eax
movb 64(%rsp,%rax), %cl

If %eax starts out -1, the mov address is something close to %rsp+4GB, instead of %rsp+63.

To fix this, we need to use an lea instruction in more cases - specifically when the sandboxed address has an index register and the non-symbolic portion of the offset is nonzero.

BUG= none
R=jpp@chromium.org

Review URL: https://codereview.chromium.org/2097193003 .

ecbf2c4b

Name	Last commit	Last update
Makefile.standalone-help		Loading commit data...
bloat		Loading commit data...
crosstest		Loading commit data...
docs		Loading commit data...
pnacl-llvm		Loading commit data...
pydir		Loading commit data...
runtime		Loading commit data...
src		Loading commit data...
tests_lit		Loading commit data...
unittest		Loading commit data...
wasm-tests		Loading commit data...
.dir-locals.el		Loading commit data...
.gitignore		Loading commit data...
CMakeLists.txt		Loading commit data...
DESIGN.rst		Loading commit data...
LICENSE.TXT		Loading commit data...
Makefile		Loading commit data...
Makefile.standalone		Loading commit data...
OWNERS		Loading commit data...
README-wasm.md		Loading commit data...
README.rst		Loading commit data...
c2wasm-exe.sh		Loading commit data...
codereview.settings		Loading commit data...
fetch-torture-tests.sh		Loading commit data...

README-wasm.md