Back out bug 653361 for causing plugin crashes (bug 680862).
authorBen Turner <bent.mozilla@gmail.com>
Tue, 23 Aug 2011 11:00:25 -0700
changeset 75656 33e4aa663bba7fd563ab0bc2023b6219cf812c44
parent 75655 c8f2a44d604b3ff4dce90c60fa03439c58ca9a66
child 75657 1720b28e311583b9858873ad24160728806a351d
push id21046
push userbturner@mozilla.com
push dateMon, 22 Aug 2011 18:03:52 +0000
bugs653361, 680862
milestone9.0a1
first release with
nightly linux32
33e4aa663bba / 9.0a1 / 20110822111311 / files
nightly linux64
33e4aa663bba / 9.0a1 / 20110822111311 / files
nightly mac
33e4aa663bba / 9.0a1 / 20110822111311 / files
nightly win32
33e4aa663bba / 9.0a1 / 20110822111311 / files
nightly win64
Back out bug 653361 for causing plugin crashes (bug 680862).
toolkit/xre/nsWindowsDllInterceptor.h
--- a/toolkit/xre/nsWindowsDllInterceptor.h
+++ b/toolkit/xre/nsWindowsDllInterceptor.h
@@ -184,17 +184,16 @@ protected:
     byteptr_t tramp = FindTrampolineSpace();
     if (!tramp)
       return 0;
 
     byteptr_t origBytes = (byteptr_t) origFunction;
 
     int nBytes = 0;
 #if defined(_M_IX86)
-    int nJmp32 = -1;
     while (nBytes < 5) {
       // Understand some simple instructions that might be found in a
       // prologue; we might need to extend this as necessary.
       //
       // Note!  If we ever need to understand jump instructions, we'll
       // need to rewrite the displacement argument.
       if (origBytes[nBytes] >= 0x88 && origBytes[nBytes] <= 0x8B) {
         // various MOVs; but only handle the case where it truly is a 2-byte instruction
@@ -212,21 +211,16 @@ protected:
         // PUSH with 4-byte operand
         nBytes += 5;
       } else if ((origBytes[nBytes] & 0xf0) == 0x50) {
         // 1-byte PUSH/POP
         nBytes++;
       } else if (origBytes[nBytes] == 0x6A) {
         // PUSH imm8
         nBytes += 2;
-      } else if (origBytes[nBytes] == 0xe9) {
-        // JMP rel32
-        nJmp32 = nBytes;
-        // jmp 32bit offset
-        nBytes += 5;
       } else {
         //printf ("Unknown x86 instruction byte 0x%02x, aborting trampoline\n", origBytes[nBytes]);
         return 0;
       }
     }
 #elif defined(_M_X64)
     int pJmp32 = -1;
 
@@ -350,26 +344,18 @@ protected:
     tramp += sizeof(void *);
 
     memcpy(tramp, origFunction, nBytes);
 
     // OrigFunction+N, the target of the trampoline
     byteptr_t trampDest = origBytes + nBytes;
 
 #if defined(_M_IX86)
-    if (nJmp32 >= 0) {
-      // Function entry has JMP rel32.  We replace with correct target address.
-      byteptr_t targetAddress =
-        origBytes + nJmp32 + 5 + (*((LONG*)(origBytes+nJmp32+1)));
-      *((intptr_t*)(tramp+nJmp32+1)) =
-        (intptr_t)targetAddress - (intptr_t)(tramp+nJmp32+5);
-    } else {
-      tramp[nBytes] = 0xE9; // jmp
-      *((intptr_t*)(tramp+nBytes+1)) = (intptr_t)trampDest - (intptr_t)(tramp+nBytes+5); // target displacement
-    }
+    tramp[nBytes] = 0xE9; // jmp
+    *((intptr_t*)(tramp+nBytes+1)) = (intptr_t)trampDest - (intptr_t)(tramp+nBytes+5); // target displacement
 #elif defined(_M_X64)
     // If JMP32 opcode found, we don't insert to trampoline jump 
     if (pJmp32 >= 0) {
       // convert JMP 32bit offset to JMP 64bit direct
       byteptr_t directJmpAddr = origBytes + pJmp32 + 5 + (*((LONG*)(origBytes+pJmp32+1)));
       // mov r11, address
       tramp[pJmp32]   = 0x49;
       tramp[pJmp32+1] = 0xbb;
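Review bot: The restored x86 path at `tramp[nBytes] = 0xE9;` writes five bytes after the copied prologue with no visible check that `nBytes + 5` still fits in the slot returned by FindTrampolineSpace(). The slot size is defined outside this hunk, so the bound may already hold, but an explicit guard or assertion beside the `memcpy(tramp, origFunction, nBytes)` would make it checkable. With the 0xE9 case removed from the x86 decoder in the earlier hunk, a function whose entry begins with JMP rel32 (presumably one already detoured by another module) now fails to hook and returns 0 with only a commented-out printf, so callers have to treat a failed hook as a normal outcome. A comment such as `// JMP rel32 is deliberately not relocated on x86; see bug 680862` would keep the handling from being reintroduced before the crash is understood. The enclosing function starts and ends outside the hunk.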