Skip to content

Commit 344af8c

Browse files
Copilotjkotas
Copilot
and
jkotas
authored
Fix misaligned memory writes in i386 and amd64 dynamic helper code generation (#118680)
Fixes #118602 Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com>
1 parent f2fadd8 commit 344af8c

File tree

2 files changed

+83
-83
lines changed

2 files changed

+83
-83
lines changed

src/coreclr/vm/amd64/cgenamd64.cpp

Lines changed: 54 additions & 54 deletions
Original file line numberDiff line numberDiff line change
@@ -388,14 +388,14 @@ void EncodeLoadAndJumpThunk (LPBYTE pBuffer, LPVOID pv, LPVOID pTarget)
388388
pBuffer[0] = 0x49;
389389
pBuffer[1] = 0xBA;
390390

391-
*((UINT64 UNALIGNED *)&pBuffer[2]) = (UINT64)pv;
391+
SET_UNALIGNED_64(&pBuffer[2], pv);
392392

393393
// mov rax, pTarget 48 b8 xx xx xx xx xx xx xx xx
394394

395395
pBuffer[10] = 0x48;
396396
pBuffer[11] = 0xB8;
397397

398-
*((UINT64 UNALIGNED *)&pBuffer[12]) = (UINT64)pTarget;
398+
SET_UNALIGNED_64(&pBuffer[12], pTarget);
399399

400400
// jmp rax ff e0
401401

@@ -427,7 +427,7 @@ void emitCOMStubCall (ComCallMethodDesc *pCOMMethodRX, ComCallMethodDesc *pCOMMe
427427
// nop 90
428428
// call [$ - 10] ff 15 f0 ff ff ff
429429

430-
*((UINT64 *)&pBufferRW[COMMETHOD_CALL_PRESTUB_ADDRESS_OFFSET]) = (UINT64)target;
430+
SET_UNALIGNED_64(&pBufferRW[COMMETHOD_CALL_PRESTUB_ADDRESS_OFFSET], target);
431431

432432
pBufferRW[-2] = 0x90;
433433
pBufferRW[-1] = 0x90;
@@ -459,7 +459,7 @@ void emitJump(LPBYTE pBufferRX, LPBYTE pBufferRW, LPVOID target)
459459
pBufferRW[0] = 0x48;
460460
pBufferRW[1] = 0xB8;
461461

462-
*((UINT64 UNALIGNED *)&pBufferRW[2]) = (UINT64)target;
462+
SET_UNALIGNED_64(&pBufferRW[2], target);
463463

464464
pBufferRW[10] = 0xFF;
465465
pBufferRW[11] = 0xE0;
@@ -638,16 +638,16 @@ PCODE DynamicHelpers::CreateHelper(LoaderAllocator * pAllocator, TADDR arg, PCOD
638638
BEGIN_DYNAMIC_HELPER_EMIT(15);
639639

640640
#ifdef UNIX_AMD64_ABI
641-
*(UINT16 *)p = 0xBF48; // mov rdi, XXXXXX
641+
SET_UNALIGNED_16(p, 0xBF48); // mov rdi, XXXXXX
642642
#else
643-
*(UINT16 *)p = 0xB948; // mov rcx, XXXXXX
643+
SET_UNALIGNED_16(p, 0xB948); // mov rcx, XXXXXX
644644
#endif
645645
p += 2;
646-
*(TADDR *)p = arg;
646+
SET_UNALIGNED_64(p, arg);
647647
p += 8;
648648

649649
*p++ = X86_INSTR_JMP_REL32; // jmp rel32
650-
*(INT32 *)p = rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator);
650+
SET_UNALIGNED_32(p, rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator));
651651
p += 4;
652652

653653
END_DYNAMIC_HELPER_EMIT();
@@ -665,16 +665,16 @@ void DynamicHelpers::EmitHelperWithArg(BYTE*& p, size_t rxOffset, LoaderAllocato
665665
// Move an argument into the second argument register and jump to a target function.
666666

667667
#ifdef UNIX_AMD64_ABI
668-
*(UINT16 *)p = 0xBE48; // mov rsi, XXXXXX
668+
SET_UNALIGNED_16(p, 0xBE48); // mov rsi, XXXXXX
669669
#else
670-
*(UINT16 *)p = 0xBA48; // mov rdx, XXXXXX
670+
SET_UNALIGNED_16(p, 0xBA48); // mov rdx, XXXXXX
671671
#endif
672672
p += 2;
673-
*(TADDR *)p = arg;
673+
SET_UNALIGNED_64(p, arg);
674674
p += 8;
675675

676676
*p++ = X86_INSTR_JMP_REL32; // jmp rel32
677-
*(INT32 *)p = rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator);
677+
SET_UNALIGNED_32(p, rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator));
678678
p += 4;
679679
}
680680

@@ -692,25 +692,25 @@ PCODE DynamicHelpers::CreateHelper(LoaderAllocator * pAllocator, TADDR arg, TADD
692692
BEGIN_DYNAMIC_HELPER_EMIT(25);
693693

694694
#ifdef UNIX_AMD64_ABI
695-
*(UINT16 *)p = 0xBF48; // mov rdi, XXXXXX
695+
SET_UNALIGNED_16(p, 0xBF48); // mov rdi, XXXXXX
696696
#else
697-
*(UINT16 *)p = 0xB948; // mov rcx, XXXXXX
697+
SET_UNALIGNED_16(p, 0xB948); // mov rcx, XXXXXX
698698
#endif
699699
p += 2;
700-
*(TADDR *)p = arg;
700+
SET_UNALIGNED_64(p, arg);
701701
p += 8;
702702

703703
#ifdef UNIX_AMD64_ABI
704-
*(UINT16 *)p = 0xBE48; // mov rsi, XXXXXX
704+
SET_UNALIGNED_16(p, 0xBE48); // mov rsi, XXXXXX
705705
#else
706-
*(UINT16 *)p = 0xBA48; // mov rdx, XXXXXX
706+
SET_UNALIGNED_16(p, 0xBA48); // mov rdx, XXXXXX
707707
#endif
708708
p += 2;
709-
*(TADDR *)p = arg2;
709+
SET_UNALIGNED_64(p, arg2);
710710
p += 8;
711711

712712
*p++ = X86_INSTR_JMP_REL32; // jmp rel32
713-
*(INT32 *)p = rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator);
713+
SET_UNALIGNED_32(p, rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator));
714714
p += 4;
715715

716716
END_DYNAMIC_HELPER_EMIT();
@@ -722,24 +722,24 @@ PCODE DynamicHelpers::CreateHelperArgMove(LoaderAllocator * pAllocator, TADDR ar
722722

723723
#ifdef UNIX_AMD64_ABI
724724
*p++ = 0x48; // mov rsi, rdi
725-
*(UINT16 *)p = 0xF78B;
725+
SET_UNALIGNED_16(p, 0xF78B);
726726
#else
727727
*p++ = 0x48; // mov rdx, rcx
728-
*(UINT16 *)p = 0xD18B;
728+
SET_UNALIGNED_16(p, 0xD18B);
729729
#endif
730730
p += 2;
731731

732732
#ifdef UNIX_AMD64_ABI
733-
*(UINT16 *)p = 0xBF48; // mov rdi, XXXXXX
733+
SET_UNALIGNED_16(p, 0xBF48); // mov rdi, XXXXXX
734734
#else
735-
*(UINT16 *)p = 0xB948; // mov rcx, XXXXXX
735+
SET_UNALIGNED_16(p, 0xB948); // mov rcx, XXXXXX
736736
#endif
737737
p += 2;
738-
*(TADDR *)p = arg;
738+
SET_UNALIGNED_64(p, arg);
739739
p += 8;
740740

741741
*p++ = X86_INSTR_JMP_REL32; // jmp rel32
742-
*(INT32 *)p = rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator);
742+
SET_UNALIGNED_32(p, rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator));
743743
p += 4;
744744

745745
END_DYNAMIC_HELPER_EMIT();
@@ -758,9 +758,9 @@ PCODE DynamicHelpers::CreateReturnConst(LoaderAllocator * pAllocator, TADDR arg)
758758
{
759759
BEGIN_DYNAMIC_HELPER_EMIT(11);
760760

761-
*(UINT16 *)p = 0xB848; // mov rax, XXXXXX
761+
SET_UNALIGNED_16(p, 0xB848); // mov rax, XXXXXX
762762
p += 2;
763-
*(TADDR *)p = arg;
763+
SET_UNALIGNED_64(p, arg);
764764
p += 8;
765765

766766
*p++ = 0xC3; // ret
@@ -772,9 +772,9 @@ PCODE DynamicHelpers::CreateReturnIndirConst(LoaderAllocator * pAllocator, TADDR
772772
{
773773
BEGIN_DYNAMIC_HELPER_EMIT((offset != 0) ? 15 : 11);
774774

775-
*(UINT16 *)p = 0xA148; // mov rax, [XXXXXX]
775+
SET_UNALIGNED_16(p, 0xA148); // mov rax, [XXXXXX]
776776
p += 2;
777-
*(TADDR *)p = arg;
777+
SET_UNALIGNED_64(p, arg);
778778
p += 8;
779779

780780
if (offset != 0)
@@ -796,16 +796,16 @@ PCODE DynamicHelpers::CreateHelperWithTwoArgs(LoaderAllocator * pAllocator, TADD
796796
BEGIN_DYNAMIC_HELPER_EMIT(15);
797797

798798
#ifdef UNIX_AMD64_ABI
799-
*(UINT16 *)p = 0xBA48; // mov rdx, XXXXXX
799+
SET_UNALIGNED_16(p, 0xBA48); // mov rdx, XXXXXX
800800
#else
801-
*(UINT16 *)p = 0xB849; // mov r8, XXXXXX
801+
SET_UNALIGNED_16(p, 0xB849); // mov r8, XXXXXX
802802
#endif
803803
p += 2;
804-
*(TADDR *)p = arg;
804+
SET_UNALIGNED_64(p, arg);
805805
p += 8;
806806

807807
*p++ = X86_INSTR_JMP_REL32; // jmp rel32
808-
*(INT32 *)p = rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator);
808+
SET_UNALIGNED_32(p, rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator));
809809
p += 4;
810810

811811
END_DYNAMIC_HELPER_EMIT();
@@ -816,25 +816,25 @@ PCODE DynamicHelpers::CreateHelperWithTwoArgs(LoaderAllocator * pAllocator, TADD
816816
BEGIN_DYNAMIC_HELPER_EMIT(25);
817817

818818
#ifdef UNIX_AMD64_ABI
819-
*(UINT16 *)p = 0xBA48; // mov rdx, XXXXXX
819+
SET_UNALIGNED_16(p, 0xBA48); // mov rdx, XXXXXX
820820
#else
821-
*(UINT16 *)p = 0xB849; // mov r8, XXXXXX
821+
SET_UNALIGNED_16(p, 0xB849); // mov r8, XXXXXX
822822
#endif
823823
p += 2;
824-
*(TADDR *)p = arg;
824+
SET_UNALIGNED_64(p, arg);
825825
p += 8;
826826

827827
#ifdef UNIX_AMD64_ABI
828-
*(UINT16 *)p = 0xB948; // mov rcx, XXXXXX
828+
SET_UNALIGNED_16(p, 0xB948); // mov rcx, XXXXXX
829829
#else
830-
*(UINT16 *)p = 0xB949; // mov r9, XXXXXX
830+
SET_UNALIGNED_16(p, 0xB949); // mov r9, XXXXXX
831831
#endif
832832
p += 2;
833-
*(TADDR *)p = arg2;
833+
SET_UNALIGNED_64(p, arg2);
834834
p += 8;
835835

836836
*p++ = X86_INSTR_JMP_REL32; // jmp rel32
837-
*(INT32 *)p = rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator);
837+
SET_UNALIGNED_32(p, rel32UsingJumpStub((INT32 *)(p + rxOffset), target, NULL, pAllocator));
838838
p += 4;
839839

840840
END_DYNAMIC_HELPER_EMIT();
@@ -885,9 +885,9 @@ PCODE DynamicHelpers::CreateDictionaryLookupHelper(LoaderAllocator * pAllocator,
885885
_ASSERTE(pLookup->testForNull && i > 0);
886886

887887
// cmp qword ptr[rax + sizeOffset],slotOffset
888-
*(UINT32*)p = 0x00b88148; p += 3;
889-
*(UINT32*)p = (UINT32)pLookup->sizeOffset; p += 4;
890-
*(UINT32*)p = (UINT32)slotOffset; p += 4;
888+
SET_UNALIGNED_32(p, 0x00b88148); p += 3;
889+
SET_UNALIGNED_32(p, (UINT32)pLookup->sizeOffset); p += 4;
890+
SET_UNALIGNED_32(p, (UINT32)slotOffset); p += 4;
891891

892892
// jle 'HELPER CALL'
893893
*p++ = 0x7e;
@@ -901,24 +901,24 @@ PCODE DynamicHelpers::CreateDictionaryLookupHelper(LoaderAllocator * pAllocator,
901901
// mov rax,qword ptr [rdi+offset]
902902
if (pLookup->offsets[i] >= 0x80)
903903
{
904-
*(UINT32*)p = 0x00878b48; p += 3;
905-
*(UINT32*)p = (UINT32)pLookup->offsets[i]; p += 4;
904+
SET_UNALIGNED_32(p, 0x00878b48); p += 3;
905+
SET_UNALIGNED_32(p, (UINT32)pLookup->offsets[i]); p += 4;
906906
}
907907
else
908908
{
909-
*(UINT32*)p = 0x00478b48; p += 3;
909+
SET_UNALIGNED_32(p, 0x00478b48); p += 3;
910910
*p++ = (BYTE)pLookup->offsets[i];
911911
}
912912
#else
913913
// mov rax,qword ptr [rcx+offset]
914914
if (pLookup->offsets[i] >= 0x80)
915915
{
916-
*(UINT32*)p = 0x00818b48; p += 3;
917-
*(UINT32*)p = (UINT32)pLookup->offsets[i]; p += 4;
916+
SET_UNALIGNED_32(p, 0x00818b48); p += 3;
917+
SET_UNALIGNED_32(p, (UINT32)pLookup->offsets[i]); p += 4;
918918
}
919919
else
920920
{
921-
*(UINT32*)p = 0x00418b48; p += 3;
921+
SET_UNALIGNED_32(p, 0x00418b48); p += 3;
922922
*p++ = (BYTE)pLookup->offsets[i];
923923
}
924924
#endif
@@ -928,12 +928,12 @@ PCODE DynamicHelpers::CreateDictionaryLookupHelper(LoaderAllocator * pAllocator,
928928
// mov rax,qword ptr [rax+offset]
929929
if (pLookup->offsets[i] >= 0x80)
930930
{
931-
*(UINT32*)p = 0x00808b48; p += 3;
932-
*(UINT32*)p = (UINT32)pLookup->offsets[i]; p += 4;
931+
SET_UNALIGNED_32(p, 0x00808b48); p += 3;
932+
SET_UNALIGNED_32(p, (UINT32)pLookup->offsets[i]); p += 4;
933933
}
934934
else
935935
{
936-
*(UINT32*)p = 0x00408b48; p += 3;
936+
SET_UNALIGNED_32(p, 0x00408b48); p += 3;
937937
*p++ = (BYTE)pLookup->offsets[i];
938938
}
939939
}
@@ -953,10 +953,10 @@ PCODE DynamicHelpers::CreateDictionaryLookupHelper(LoaderAllocator * pAllocator,
953953

954954
_ASSERTE(pLookup->indirections != 0);
955955

956-
*(UINT32*)p = 0x00c08548; p += 3; // test rax,rax
956+
SET_UNALIGNED_32(p, 0x00c08548); p += 3; // test rax,rax
957957

958958
// je 'HELPER_CALL' (a jump of 1 byte)
959-
*(UINT16*)p = 0x0174; p += 2;
959+
SET_UNALIGNED_16(p, 0x0174); p += 2;
960960

961961
*p++ = 0xC3; // ret
962962

0 commit comments

Comments
 (0)