The Tor Browser / file comparison
comparison: toolkit/crashreporter/google-breakpad/src/processor/disassembler_x86_unittest.cc
toolkit/crashreporter/google-breakpad/src/processor/disassembler_x86_unittest.cc
- changeset 0
- 6474c204b198
equal
deleted
inserted
replaced
| -1:000000000000 | 0:f90c6477049f |
|---|---|
| 1 // All rights reserved. | |
| 2 // | |
| 3 // Redistribution and use in source and binary forms, with or without | |
| 4 // modification, are permitted provided that the following conditions are | |
| 5 // met: | |
| 6 // | |
| 7 // * Redistributions of source code must retain the above copyright | |
| 8 // notice, this list of conditions and the following disclaimer. | |
| 9 // * Redistributions in binary form must reproduce the above | |
| 10 // copyright notice, this list of conditions and the following disclaimer | |
| 11 // in the documentation and/or other materials provided with the | |
| 12 // distribution. | |
| 13 // * Neither the name of Google Inc. nor the names of its | |
| 14 // contributors may be used to endorse or promote products derived from | |
| 15 // this software without specific prior written permission. | |
| 16 // | |
| 17 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 18 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 19 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 20 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 21 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 22 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
| 23 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 24 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
| 25 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
| 26 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 27 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE// | |
| 28 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
| 29 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
| 30 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
| 31 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
| 32 // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
| 33 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
| 34 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
| 35 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
| 36 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
| 37 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 38 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 39 | |
| 40 #include <unistd.h> | |
| 41 | |
| 42 #include "breakpad_googletest_includes.h" | |
| 43 #include "processor/disassembler_x86.h" | |
| 44 #include "third_party/libdisasm/libdis.h" | |
| 45 | |
| 46 namespace { | |
| 47 | |
| 48 using google_breakpad::DisassemblerX86; | |
| 49 | |
| 50 unsigned char just_return[] = "\xc3"; // retn | |
| 51 | |
| 52 unsigned char invalid_instruction[] = "\x00"; // invalid | |
| 53 | |
| 54 unsigned char read_eax_jmp_eax[] = | |
| 55 "\x8b\x18" // mov ebx, [eax]; | |
| 56 "\x33\xc9" // xor ebx, ebx; | |
| 57 "\xff\x20" // jmp eax; | |
| 58 "\xc3"; // retn; | |
| 59 | |
| 60 unsigned char write_eax_arg_to_call[] = | |
| 61 "\x89\xa8\x00\x02\x00\x00" // mov [eax+200], ebp; | |
| 62 "\xc1\xeb\x02" // shr ebx, 2; | |
| 63 "\x50" // push eax; | |
| 64 "\xe8\xd1\x24\x77\x88" // call something; | |
| 65 "\xc3"; // retn; | |
| 66 | |
| 67 unsigned char read_edi_stosb[] = | |
| 68 "\x8b\x07" // mov eax, [edi]; | |
| 69 "\x8b\xc8" // mov ecx, eax; | |
| 70 "\xf3\xaa" // rep stosb; | |
| 71 "\xc3"; // retn; | |
| 72 | |
| 73 unsigned char read_clobber_write[] = | |
| 74 "\x03\x18" // add ebx, [eax]; | |
| 75 "\x8b\xc1" // mov eax, ecx; | |
| 76 "\x89\x10" // mov [eax], edx; | |
| 77 "\xc3"; // retn; | |
| 78 | |
| 79 unsigned char read_xchg_write[] = | |
| 80 "\x03\x18" // add ebx, [eax]; | |
| 81 "\x91" // xchg eax, ecx; | |
| 82 "\x89\x18" // mov [eax], ebx; | |
| 83 "\x89\x11" // mov [ecx], edx; | |
| 84 "\xc3"; // retn; | |
| 85 | |
| 86 unsigned char read_cmp[] = | |
| 87 "\x03\x18" // add ebx, [eax]; | |
| 88 "\x83\xf8\x00" // cmp eax, 0; | |
| 89 "\x74\x04" // je +4; | |
| 90 "\xc3"; // retn; | |
| 91 | |
| 92 TEST(DisassemblerX86Test, SimpleReturnInstruction) { | |
| 93 DisassemblerX86 dis(just_return, sizeof(just_return)-1, 0); | |
| 94 EXPECT_EQ(1U, dis.NextInstruction()); | |
| 95 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 96 EXPECT_EQ(0U, dis.flags()); | |
| 97 EXPECT_TRUE(dis.endOfBlock()); | |
| 98 EXPECT_EQ(libdis::insn_controlflow, dis.currentInstructionGroup()); | |
| 99 const libdis::x86_insn_t* instruction = dis.currentInstruction(); | |
| 100 EXPECT_EQ(libdis::insn_controlflow, instruction->group); | |
| 101 EXPECT_EQ(libdis::insn_return, instruction->type); | |
| 102 EXPECT_EQ(0U, dis.NextInstruction()); | |
| 103 EXPECT_FALSE(dis.currentInstructionValid()); | |
| 104 EXPECT_EQ(NULL, dis.currentInstruction()); | |
| 105 } | |
| 106 | |
| 107 TEST(DisassemblerX86Test, SimpleInvalidInstruction) { | |
| 108 DisassemblerX86 dis(invalid_instruction, sizeof(invalid_instruction)-1, 0); | |
| 109 EXPECT_EQ(0U, dis.NextInstruction()); | |
| 110 EXPECT_FALSE(dis.currentInstructionValid()); | |
| 111 } | |
| 112 | |
| 113 TEST(DisassemblerX86Test, BadReadLeadsToBranch) { | |
| 114 DisassemblerX86 dis(read_eax_jmp_eax, sizeof(read_eax_jmp_eax)-1, 0); | |
| 115 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 116 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 117 EXPECT_EQ(0U, dis.flags()); | |
| 118 EXPECT_FALSE(dis.endOfBlock()); | |
| 119 EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup()); | |
| 120 EXPECT_TRUE(dis.setBadRead()); | |
| 121 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 122 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 123 EXPECT_EQ(0U, dis.flags()); | |
| 124 EXPECT_FALSE(dis.endOfBlock()); | |
| 125 EXPECT_EQ(libdis::insn_logic, dis.currentInstructionGroup()); | |
| 126 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 127 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 128 EXPECT_EQ(google_breakpad::DISX86_BAD_BRANCH_TARGET, dis.flags()); | |
| 129 EXPECT_FALSE(dis.endOfBlock()); | |
| 130 EXPECT_EQ(libdis::insn_controlflow, dis.currentInstructionGroup()); | |
| 131 } | |
| 132 | |
| 133 TEST(DisassemblerX86Test, BadWriteLeadsToPushedArg) { | |
| 134 DisassemblerX86 dis(write_eax_arg_to_call, | |
| 135 sizeof(write_eax_arg_to_call)-1, 0); | |
| 136 EXPECT_EQ(6U, dis.NextInstruction()); | |
| 137 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 138 EXPECT_EQ(0U, dis.flags()); | |
| 139 EXPECT_FALSE(dis.endOfBlock()); | |
| 140 EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup()); | |
| 141 EXPECT_TRUE(dis.setBadWrite()); | |
| 142 EXPECT_EQ(3U, dis.NextInstruction()); | |
| 143 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 144 EXPECT_EQ(0U, dis.flags()); | |
| 145 EXPECT_FALSE(dis.endOfBlock()); | |
| 146 EXPECT_EQ(libdis::insn_arithmetic, dis.currentInstructionGroup()); | |
| 147 EXPECT_EQ(1U, dis.NextInstruction()); | |
| 148 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 149 EXPECT_EQ(0U, dis.flags()); | |
| 150 EXPECT_FALSE(dis.endOfBlock()); | |
| 151 EXPECT_EQ(5U, dis.NextInstruction()); | |
| 152 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 153 EXPECT_EQ(google_breakpad::DISX86_BAD_ARGUMENT_PASSED, dis.flags()); | |
| 154 EXPECT_EQ(libdis::insn_controlflow, dis.currentInstructionGroup()); | |
| 155 EXPECT_FALSE(dis.endOfBlock()); | |
| 156 } | |
| 157 | |
| 158 | |
| 159 TEST(DisassemblerX86Test, BadReadLeadsToBlockWrite) { | |
| 160 DisassemblerX86 dis(read_edi_stosb, sizeof(read_edi_stosb)-1, 0); | |
| 161 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 162 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 163 EXPECT_EQ(0U, dis.flags()); | |
| 164 EXPECT_FALSE(dis.endOfBlock()); | |
| 165 EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup()); | |
| 166 EXPECT_TRUE(dis.setBadRead()); | |
| 167 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 168 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 169 EXPECT_EQ(0U, dis.flags()); | |
| 170 EXPECT_FALSE(dis.endOfBlock()); | |
| 171 EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup()); | |
| 172 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 173 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 174 EXPECT_EQ(google_breakpad::DISX86_BAD_BLOCK_WRITE, dis.flags()); | |
| 175 EXPECT_FALSE(dis.endOfBlock()); | |
| 176 EXPECT_EQ(libdis::insn_string, dis.currentInstructionGroup()); | |
| 177 } | |
| 178 | |
| 179 TEST(DisassemblerX86Test, BadReadClobberThenWrite) { | |
| 180 DisassemblerX86 dis(read_clobber_write, sizeof(read_clobber_write)-1, 0); | |
| 181 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 182 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 183 EXPECT_EQ(0U, dis.flags()); | |
| 184 EXPECT_FALSE(dis.endOfBlock()); | |
| 185 EXPECT_EQ(libdis::insn_arithmetic, dis.currentInstructionGroup()); | |
| 186 EXPECT_TRUE(dis.setBadRead()); | |
| 187 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 188 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 189 EXPECT_EQ(0U, dis.flags()); | |
| 190 EXPECT_FALSE(dis.endOfBlock()); | |
| 191 EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup()); | |
| 192 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 193 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 194 EXPECT_EQ(0U, dis.flags()); | |
| 195 EXPECT_FALSE(dis.endOfBlock()); | |
| 196 EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup()); | |
| 197 } | |
| 198 | |
| 199 TEST(DisassemblerX86Test, BadReadXCHGThenWrite) { | |
| 200 DisassemblerX86 dis(read_xchg_write, sizeof(read_xchg_write)-1, 0); | |
| 201 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 202 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 203 EXPECT_EQ(0U, dis.flags()); | |
| 204 EXPECT_FALSE(dis.endOfBlock()); | |
| 205 EXPECT_EQ(libdis::insn_arithmetic, dis.currentInstructionGroup()); | |
| 206 EXPECT_TRUE(dis.setBadRead()); | |
| 207 EXPECT_EQ(1U, dis.NextInstruction()); | |
| 208 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 209 EXPECT_EQ(0U, dis.flags()); | |
| 210 EXPECT_FALSE(dis.endOfBlock()); | |
| 211 EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup()); | |
| 212 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 213 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 214 EXPECT_EQ(0U, dis.flags()); | |
| 215 EXPECT_FALSE(dis.endOfBlock()); | |
| 216 EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup()); | |
| 217 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 218 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 219 EXPECT_EQ(google_breakpad::DISX86_BAD_WRITE, dis.flags()); | |
| 220 EXPECT_FALSE(dis.endOfBlock()); | |
| 221 EXPECT_EQ(libdis::insn_move, dis.currentInstructionGroup()); | |
| 222 } | |
| 223 | |
| 224 TEST(DisassemblerX86Test, BadReadThenCMP) { | |
| 225 DisassemblerX86 dis(read_cmp, sizeof(read_cmp)-1, 0); | |
| 226 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 227 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 228 EXPECT_EQ(0U, dis.flags()); | |
| 229 EXPECT_FALSE(dis.endOfBlock()); | |
| 230 EXPECT_EQ(libdis::insn_arithmetic, dis.currentInstructionGroup()); | |
| 231 EXPECT_TRUE(dis.setBadRead()); | |
| 232 EXPECT_EQ(3U, dis.NextInstruction()); | |
| 233 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 234 EXPECT_EQ(google_breakpad::DISX86_BAD_COMPARISON, dis.flags()); | |
| 235 EXPECT_FALSE(dis.endOfBlock()); | |
| 236 EXPECT_EQ(libdis::insn_comparison, dis.currentInstructionGroup()); | |
| 237 EXPECT_EQ(2U, dis.NextInstruction()); | |
| 238 EXPECT_TRUE(dis.currentInstructionValid()); | |
| 239 EXPECT_EQ(google_breakpad::DISX86_BAD_COMPARISON, dis.flags()); | |
| 240 EXPECT_FALSE(dis.endOfBlock()); | |
| 241 EXPECT_EQ(libdis::insn_controlflow, dis.currentInstructionGroup()); | |
| 242 } | |
| 243 } |
