Closed ehiggs closed 7 years ago
Jump is a two-byte instruction, it won't work as a filler. I'd go with byte 0xff. Even though some instructions (jump above is one example) start with this byte, 0xff alone doesn't produce a valid instruction even if repeated 2-15 times. An instruction on Intel can't be longer than 15 bytes. If you're close to a page boundary, there is a chance that the bytes will form a valid instruction, but it's quite unlikely.
Another related issue is that when you align code and don't fill the gap bytes with nops, bad instructions may have a negative impact on the execution pipeline.
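An added example, not code from this thread or from the project it discusses: a small C program that maps a page, writes `count` copies of a filler byte followed by `ret`, flips the page to read/execute, calls into it and reports which signal, if any, the CPU raised. It assumes an x86 (32- or 64-bit) CPU and a POSIX system that permits an anonymous RX mapping, and returns -1 where either assumption fails. Two or more 0xff bytes decode as `FF /7`, an undefined encoding, so the first instruction raises #UD (SIGILL); a run of 0x90 (`nop`) slides straight through to the `ret`, which is the nop-sled behaviour an invalid-byte filler is meant to avoid.

```c
/* Added example, not from the thread. Executes `count` copies of `filler`
 * followed by a `ret` and reports whether the CPU faulted. Assumes an x86
 * CPU and a POSIX system that allows an RX anonymous mapping; returns -1
 * where that assumption does not hold. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf recover;
static volatile sig_atomic_t fault_signal;

static void on_fault(int sig) {
    fault_signal = sig;
    siglongjmp(recover, 1);
}

/* Returns the signal raised (SIGILL for an undefined opcode, SIGSEGV/SIGBUS
 * for a stray memory access), 0 if every filler byte executed and `ret` was
 * reached, or -1 if the experiment cannot be run on this machine. */
int filler_faults(unsigned char filler, size_t count) {
#if !defined(__x86_64__) && !defined(__i386__)
    (void)filler; (void)count;
    return -1;
#else
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (count + 1 > page) return -1;

    unsigned char *code = mmap(NULL, page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED) return -1;

    memset(code, filler, count);
    code[count] = 0xC3;   /* ret: reached only if the filler decodes and runs */

    /* Write first, then make it execute-only: never hold an RWX mapping. */
    if (mprotect(code, page, PROT_READ | PROT_EXEC) != 0) {
        munmap(code, page);
        return -1;
    }

    struct sigaction sa, old_ill, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGILL, &sa, &old_ill);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    void (*fn)(void);
    memcpy(&fn, &code, sizeof fn);   /* object -> function pointer without a cast */

    fault_signal = 0;
    if (sigsetjmp(recover, 1) == 0)
        fn();   /* returns normally only if the filler ran through to `ret` */

    sigaction(SIGILL, &old_ill, NULL);
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(code, page);
    return (int)fault_signal;
#endif
}

int main(void) {
    /* 0xff 0xff ... = FF /7, undefined -> #UD on the very first instruction.
     * Note a *single* 0xff before `ret` is FF C3 = `inc ebx`, valid and it
     * clobbers a callee-saved register, hence the "2-15 times" qualifier. */
    int ff  = filler_faults(0xFF, 15);
    int nop = filler_faults(0x90, 15);
    printf("15 x 0xff then ret -> %s\n",
           ff == SIGILL ? "SIGILL (#UD)" : ff == 0 ? "fell through" : "not run / other fault");
    printf("15 x 0x90 then ret -> %s\n",
           nop == 0 ? "fell through to ret" : nop == -1 ? "not run" : "faulted");
    return 0;
}
```

Run it on an x86 Linux box and the 0xff page faults immediately with SIGILL while the `nop` page returns cleanly; on a kernel or sandbox that refuses the `mprotect` to executable (PaX MPROTECT, SELinux `execmem`) the function reports -1 instead of pretending to have measured anything.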
@ehiggs - this is more of an introduction rather than an exhaustive post, though if someone does write a more exhaustive one I'd be happy to add a link to it.
This won't work if a function pushes some registers to the stack; they need to be popped. So wouldn't it be better to segfault on a bad instruction (e.g. maybe `jump -1(%rip)`) or fill the buffer with `nop`s?