From 2ddbb2eabd3c12c1735c77718582b2ef5b1feebb Mon Sep 17 00:00:00 2001
From: Sewer56
Date: Fri, 2 Aug 2024 02:16:16 +0100
Subject: [PATCH] Fixed: Potential out of bounds read in SIMD scanners

The previous code did not correctly account for the initial match of the first byte of the pattern moving the match pointer of up to ('RegisterLength' - 1). This code accounts for this with `(patternVectors.Length + 1) * (RegisterLength)`
---
 Reloaded.Memory.Sigscan/Scanner_AVX2.cs | 9 +++------
 Reloaded.Memory.Sigscan/Scanner_SSE2.cs | 2 +-
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/Reloaded.Memory.Sigscan/Scanner_AVX2.cs b/Reloaded.Memory.Sigscan/Scanner_AVX2.cs
index 0e5181e..aaa6057 100644
--- a/Reloaded.Memory.Sigscan/Scanner_AVX2.cs
+++ b/Reloaded.Memory.Sigscan/Scanner_AVX2.cs
@@ -55,7 +55,7 @@ public static PatternScanResult FindPatternAvx2(byte* data, int dataLength, stri
 int matchTableLength = matchTable.Length;
 var firstByteVec = Vector256.Create(patternData.Bytes[patternData.LeadingIgnoreCount]);
- int searchLength = dataLength - (patternData.Bytes.Length + AvxRegisterLength);
+ int searchLength = dataLength - ((patternVectors.Length + 1) * (AvxRegisterLength));
 int leadingIgnoreCount = patternData.LeadingIgnoreCount;
 ref var pVec = ref patternVectors[0];
@@ -68,11 +68,8 @@ public static PatternScanResult FindPatternAvx2(byte* data, int dataLength, stri
 var dataMaxPtr = dataPtr + searchLength;
 for (; dataPtr < dataMaxPtr; dataPtr++)
 {
- if (dataPtr > (void*)0x00000001778b1000)
- {
- var a = 5;
- }
-
+ var lastDataPtr = dataPtr;
+
 // Problem: If pattern starts with unknown, will never match.
 var rhs = Avx.LoadVector256(dataPtr);
 var equal = Avx2.CompareEqual(pFirstByteVec, rhs);
diff --git a/Reloaded.Memory.Sigscan/Scanner_SSE2.cs b/Reloaded.Memory.Sigscan/Scanner_SSE2.cs
index 8331973..7ba2b62 100644
--- a/Reloaded.Memory.Sigscan/Scanner_SSE2.cs
+++ b/Reloaded.Memory.Sigscan/Scanner_SSE2.cs
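Review bot: The new `searchLength` on the `+` line goes negative whenever `dataLength` is smaller than `(patternVectors.Length + 1) * AvxRegisterLength`, and nothing in the hunk guards that; the loop in the next hunk then builds `dataMaxPtr` from a negative offset, which happens to skip the vector loop, but if the scalar fallback that must follow (outside the hunk, so I cannot confirm) uses `searchLength` as its start offset it would begin before `data` — an explicit `if (searchLength <= 0)` bail-out to the fallback before the loop would make the small-buffer case unambiguous. The new bound is also deliberately coarse: it leaves up to `AvxRegisterLength - 1` bytes plus the pattern's padding to whole registers for the scalar pass, and that reasoning currently lives only in the commit message, so add a comment above the assignment: `// A first-byte hit can sit at offset up to AvxRegisterLength - 1 inside the loaded register, and patternVectors.Length full registers are then compared from there; keep every such read inside [data, data + dataLength).` The same line and the same missing guard appear in the Scanner_SSE2.cs hunk with `SseRegisterLength`. `FindPatternAvx2` starts and ends outside the hunk.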
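Review bot: The added `var lastDataPtr = dataPtr;` is not referenced anywhere in the hunk; if it is not read further down in `FindPatternAvx2` (the body continues past the hunk) it is leftover scaffolding of the same kind as the removed hard-coded address check and should be dropped, and if it is read, a one-line comment on what it snapshots would help, since `dataPtr` is also advanced by the `for` header. The pre-existing context comment `// Problem: If pattern starts with unknown, will never match.` reads as an open defect rather than documentation; given that `firstByteVec` is built from `patternData.Bytes[patternData.LeadingIgnoreCount]` in the previous hunk it may be stale, so either reword it to say leading wildcards are skipped via `leadingIgnoreCount` or attach an issue reference if the problem is still real.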
@@ -54,7 +54,7 @@ public static PatternScanResult FindPatternSse2(byte* data, int dataLength, stri
 int matchTableLength = matchTable.Length;
 var firstByteVec = Vector128.Create(patternData.Bytes[patternData.LeadingIgnoreCount]);
- int searchLength = dataLength - (patternData.Bytes.Length + SseRegisterLength);
+ int searchLength = dataLength - ((patternVectors.Length + 1) * (SseRegisterLength));
 int leadingIgnoreCount = patternData.LeadingIgnoreCount;
 ref var pVec = ref patternVectors[0];