bug-binutils

Objdump misinterprets padding bytes


From: Dominic Schell
Subject: Objdump misinterprets padding bytes
Date: Thu, 28 Jul 2005 20:04:46 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050715

Hello,

I'm new to the list and I'm sorry that I have to report a very subtle bug in
src/opcodes/i386-dis.c, but I have a patch :o)

I'm using objdump as a preprocessor for a tool which analyzes a binary's
assembly and discovered that a jump instruction in the libc function
"strrchr" has no target, or rather the target lies within an instruction.
Objdump misinterprets 3 padding bytes and thus creates incorrect disassembly
output:

> objdump -d /usr/lib/libc.a

00000000 <strrchr>:
...
  67:   00 00                   add    %al,(%eax)
  69:   00 83 ee 04 83 ee       add    %al,0xee8304ee(%ebx)
  6f:   04 83                   add    $0x83,%al
  71:   ee                      out    %al,(%dx)
  72:   04 f7                   add    $0xf7,%al
  74:   c2 00 00                ret    $0x0
  77:   00 ff                   add    %bh,%bh
  ...
  ca:   73 9e                   jae    6a <strrchr+0x6a>
                                                   ^^^^
                                   target is within line 69!


I fixed the bug and now the assembly looks correct:

> diff libc.dump-old libc.dump-new
95157,95163c95157,95161
<   67: 00 00                   add    %al,(%eax)
<   69: 00 83 ee 04 83 ee       add    %al,0xee8304ee(%ebx)
<   6f: 04 83                   add    $0x83,%al
<   71: ee                      out    %al,(%dx)
<   72: 04 f7                   add    $0xf7,%al
<   74: c2 00 00                ret    $0x0
<   77: 00 ff                   add    %bh,%bh
---
>   67: 00 00 00                .byte 0x00 .byte 0x00 .byte 0x00
>   6a: 83 ee 04                sub    $0x4,%esi
>   6d: 83 ee 04                sub    $0x4,%esi
>   70: 83 ee 04                sub    $0x4,%esi
>   73: f7 c2 00 00 00 ff       test   $0xff000000,%edx


I appended the patch for the latest cvs version. You can patch from the src
directory:

src> patch opcodes/i386-dis.c i386-dis.diff

Hope that helps,
 __
|  \ _  _ . _ . _
|__/(_)||||| )|(_

-- 
Dipl.-Inf. Dominic Schell                               room: 05.156
Lehrstuhl fuer Programmiersysteme (Informatik 2)        phone:+49 9131 852 7599
Martensstr. 3, 91058 Erlangen, Germany                  fax:  +49 9131 852 8809
Index: opcodes/i386-dis.c
===================================================================
RCS file: /cvs/src/src/opcodes/i386-dis.c,v
retrieving revision 1.66
diff -u -r1.66 i386-dis.c
--- opcodes/i386-dis.c  19 Jul 2005 04:11:18 -0000      1.66
+++ opcodes/i386-dis.c  28 Jul 2005 17:52:27 -0000
@@ -2148,6 +2148,27 @@
     }
   codep++;
 
+  /* test for padding bytes as they may lead to misinterpreted
+   * instructions */
+  if (codep[-1] == 0x00)
+    {
+      FETCH_DATA (the_info, codep + 1);
+      if( *codep == 0x00 )
+      {
+        FETCH_DATA (the_info, codep + 2);
+        if( *codep == 0x00 )
+        {
+          /* print the padding bytes as .byte instructions.  */
+          oappend (".byte 0x00 ");
+          oappend (".byte 0x00 ");
+          oappend (".byte 0x00");
+          (*info->fprintf_func) (info->stream, "%s", obuf);
+          codep += 2;
+          return 3;
+        }
+      }
+    }
+
   if (!uses_SSE_prefix && (prefixes & PREFIX_REPZ))
     {
       oappend ("repz ");
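Review bot: the inner test `if( *codep == 0x00 )` that follows `FETCH_DATA (the_info, codep + 2);` re-examines the same byte the previous `if` already checked, so the branch fires on any two consecutive zero bytes and then swallows a third byte (`codep += 2; return 3;`) that may be a real opcode; the second check should read `codep[1] == 0x00`, which is the byte that `FETCH_DATA (the_info, codep + 2)` makes available. Even with that corrected, keying on three zero bytes at an instruction boundary is a heuristic that would also rewrite a genuine `add %al,(%eax)` followed by an instruction starting with 0x00, so it belongs behind an option or should be tied to the symbol/alignment boundary objdump already knows (the loop head at 0x6a in the example). Style: `if(` and the brace indentation of the new block differ from the GNU layout of the surrounding lines (`if (`, braces two columns under the `if`), and the comment should use the `/* ...  */` form without leading `*` continuation.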

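The check the report describes, a branch whose target lands inside a decoded instruction, can be automated over objdump -d output. The following is an added example, not the author's tool or any binutils code; it embeds the 'before' and patched listings quoted in the mail as constructed samples and flags the jae at 0xca in the first listing while the second comes out clean.

```python
import re

# Constructed sample: the 'before' listing quoted in the report (addresses within strrchr).
BEFORE = """\
00000000 <strrchr>:
  67:   00 00                   add    %al,(%eax)
  69:   00 83 ee 04 83 ee       add    %al,0xee8304ee(%ebx)
  6f:   04 83                   add    $0x83,%al
  71:   ee                      out    %al,(%dx)
  72:   04 f7                   add    $0xf7,%al
  74:   c2 00 00                ret    $0x0
  77:   00 ff                   add    %bh,%bh
  ca:   73 9e                   jae    6a <strrchr+0x6a>
"""
# Constructed sample: the same region as printed by the patched objdump.
AFTER = """\
  67:   00 00 00                .byte 0x00 .byte 0x00 .byte 0x00
  6a:   83 ee 04                sub    $0x4,%esi
  6d:   83 ee 04                sub    $0x4,%esi
  70:   83 ee 04                sub    $0x4,%esi
  73:   f7 c2 00 00 00 ff       test   $0xff000000,%edx
  ca:   73 9e                   jae    6a <strrchr+0x6a>
"""

# One objdump line: "<addr>:   <hex bytes>   <mnemonic> <operands>".
INSN_RE = re.compile(r'^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2} )+)\s*(\S+)?\s*(.*)$')
BRANCH_RE = re.compile(r'^(?:j[a-z]+|call|loop\w*)$')

def parse_listing(text):
    """Return (addr, length, mnemonic, operands) per instruction; headers and '...' are skipped."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if m:  # byte-only continuation lines of very long instructions are not handled
            addr, nbytes = int(m.group(1), 16), len(m.group(2).split())
            insns.append((addr, nbytes, m.group(3) or '', m.group(4)))
    return insns

def find_desync(insns):
    """(branch_addr, target, owner_addr) for direct branches into the middle of an instruction."""
    # Map every interior byte of each decoded instruction to that instruction's start address.
    owner = {a + i: a for a, n, _, _ in insns for i in range(1, n)}
    problems = []
    for addr, _, mnem, ops in insns:
        t = re.match(r'([0-9a-f]+)\b', ops) if BRANCH_RE.match(mnem) else None
        if t and int(t.group(1), 16) in owner:  # skips non-branches and indirect targets
            target = int(t.group(1), 16)
            problems.append((addr, target, owner[target]))
    return problems
```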