Bug 972671 - Fix trampoline jump target calculation in the pJmp32 case. r=m_kato
authorDavid Major <dmajor@mozilla.com>
Wed, 19 Feb 2014 11:30:09 -0500
changeset 169877 795b23c31b4d0b099186c0147146d452343c0697
parent 169876 3b46ee843b12c9e5572f68c68c02e1266562c9cf
child 169878 98d81d6422dd19e8799871144b8d05d2f27b279c
push id270
push userpvanderbeken@mozilla.com
push dateThu, 06 Mar 2014 09:24:21 +0000
reviewersm_kato
bugs972671
milestone30.0a1
Bug 972671 - Fix trampoline jump target calculation in the pJmp32 case. r=m_kato
toolkit/xre/nsWindowsDllInterceptor.h
--- a/toolkit/xre/nsWindowsDllInterceptor.h
+++ b/toolkit/xre/nsWindowsDllInterceptor.h
@@ -554,17 +554,17 @@ protected:
     // OrigFunction+N, the target of the trampoline
     byteptr_t trampDest = origBytes + nBytes;
 
 #if defined(_M_IX86)
     if (pJmp32 >= 0) {
       // Jump directly to the original target of the jump instead of jumping to the
       // original function.
       // Adjust jump target displacement to jump location in the trampoline.
-      *((intptr_t*)(tramp+pJmp32+1)) += origBytes + pJmp32 - tramp;
+      *((intptr_t*)(tramp+pJmp32+1)) += origBytes - tramp;
     } else {
       tramp[nBytes] = 0xE9; // jmp
       *((intptr_t*)(tramp+nBytes+1)) = (intptr_t)trampDest - (intptr_t)(tramp+nBytes+5); // target displacement
     }
 #elif defined(_M_X64)
     // If JMP32 opcode found, we don't insert to trampoline jump 
     if (pJmp32 >= 0) {
       // mov r11, address
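Review bot: On the new `_M_IX86` line, `origBytes - tramp` subtracts two pointers that appear to refer to different memory regions (the original function and the trampoline), which is not well-defined pointer arithmetic. The `else` branch just below already casts both operands to `intptr_t` before subtracting. For consistency, the adjustment could be written as `*((intptr_t*)(tramp+pJmp32+1)) += (intptr_t)origBytes - (intptr_t)tramp;`. Since the previous bug was an extra `pJmp32` term, a comment stating why it cancels would help prevent a regression that sends the trampoline to the wrong address, e.g. `// rel32 is relative to the end of the jmp; pJmp32+5 is the same offset in both copies, so only the base difference remains`. The enclosing function starts and ends outside this hunk, so how `pJmp32` is validated before this write is not visible here.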