This repository has been archived by the owner on Oct 1, 2024. It is now read-only.

Indirect branch protection time crash under certain circumstances #26

Closed
NewDwarf opened this issue Jan 3, 2023 · 4 comments

Comments

@NewDwarf
Collaborator

NewDwarf commented Jan 3, 2023

Can the encrypted target jump addresses be used as a single feature for the indirect branch obfuscation?
If I pass the parameters -mllvm -enable-indibran -mllvm -indibran-enc-jump-target, clang crashes with the following backtrace:

...
5  clang-15                 0x000000010ce26163 CrashRecoverySignalHandler(int) + 195
6  libsystem_platform.dylib 0x00007ff817560dfd _sigtramp + 29
7  libsystem_platform.dylib 0x0000600000b265a0 _sigtramp + 18446708923317376960
8  clang-15                 0x000000010baaa741 llvm::BinaryOperator::Create(llvm::Instruction::BinaryOps, llvm::Value*, llvm::Value*, llvm::Twine const&, llvm::Instruction*) + 49
9  clang-15                 0x000000010ccbfe7b llvm::IRBuilderBase::CreateInsertNUWNSWBinOp(llvm::Instruction::BinaryOps, llvm::Value*, llvm::Value*, llvm::Twine const&, bool, bool) + 155
10 clang-15                 0x000000010c887375 llvm::IRBuilderBase::CreateSub(llvm::Value*, llvm::Value*, llvm::Twine const&, bool, bool) + 213
11 clang-15                 0x000000010f7e4360 llvm::IndirectBranch::runOnFunction(llvm::Function&) + 6896
12 clang-15                 0x000000010f7fd05c llvm::Obfuscation::runOnModule(llvm::Module&) + 1708
13 clang-15                 0x000000010f7fbc48 llvm::ObfuscationPass::run(llvm::Module&, llvm::AnalysisManager<llvm::Module>&) + 56
...

If I additionally pass the use-stack parameter (-mllvm -enable-indibran -mllvm -indibran-enc-jump-target -mllvm -indibran-use-stack), it works well.

@NewDwarf
Collaborator Author

NewDwarf commented Jan 3, 2023

Here is my fix

diff --git a/llvm/lib/Transforms/Obfuscation/IndirectBranch.cpp b/llvm/lib/Transforms/Obfuscation/IndirectBranch.cpp
index b8879f59a..6f5263772 100755
--- a/llvm/lib/Transforms/Obfuscation/IndirectBranch.cpp
+++ b/llvm/lib/Transforms/Obfuscation/IndirectBranch.cpp
@@ -160,6 +160,8 @@ struct IndirectBranch : public FunctionPass {
         Value *GEP = IRB.CreateGEP(LoadFrom->getValueType(), LoadFrom, {zero, RealIndex});
         LI = IRB.CreateLoad(GEP->getType(), GEP, "IndirectBranchingTargetAddress");
         if (EncryptJumpTarget) {
+         enckeyLoad = IRB.CreateXor(IRB.CreateLoad(encenckeyGV->getValueType(), encenckeyGV),
+              encenckey);
           LI = IRB.CreateGEP(Type::getInt8Ty(Func.getContext()), IRB.CreateLoad(Type::getInt8PtrTy(Func.getContext()), GEP), IRB.CreateSub(zero, enckeyLoad), "IndirectBranchingTargetAddress");
         }
       }
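Review bot: the enckeyLoad assignment added at the top of the if (EncryptJumpTarget) block does stop IRB.CreateSub(zero, enckeyLoad) from being handed an unset operand (the BinaryOperator::Create frame in the reported backtrace) when -indibran-use-stack is off, but, as the author says, it repeats the key derivation the use-stack path already performs; hoist the single line enckeyLoad = IRB.CreateXor(IRB.CreateLoad(encenckeyGV->getValueType(), encenckeyGV), encenckey); to before the branch on the stack option so that both paths share one load and one XOR and no path can reach the subtract with enckeyLoad unset. Separately, the load into LI on the line just above the if is discarded whenever EncryptJumpTarget is set, because the encrypted path re-loads from GEP with getInt8PtrTy and overwrites LI; guard the plain load with an else, or reuse its result in the encrypted path, so the pass does not leave a dead load in the emitted IR.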

But this is a bad fix, as it duplicates some statements. I would refactor the pass completely.
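The runtime scheme the hunk above emits, as an added C illustration that is not part of this issue or of the pass's source: the branch key is stored XOR-masked in a global (encenckeyGV) and unmasked with a constant (encenckey), each jump-table entry holds target address + key, and the dispatch recovers the real target by subtracting the key before taking the indirect branch. The constants, the label-based table and the function names are constructed for this example; the pass produces the equivalent as LLVM IR (load, xor, i8 GEP by 0 - key, indirectbr), and GCC/Clang computed goto stands in for indirectbr here. The key derivation is done unconditionally before the subtract, which is exactly what the unfixed pass skipped when -indibran-use-stack was off.

```c
#include <stdint.h>

/* Constructed constants (not from the project): ENC_ENC_KEY plays the role of
 * the "encenckey" constant folded into the code, REAL_KEY the per-module key. */
#define ENC_ENC_KEY 0x5a5a5a5aULL
#define REAL_KEY    0x2d3e4f5aULL

/* "encenckeyGV": the data section only ever holds the key XOR-masked. */
static uintptr_t enc_enc_key_gv = (uintptr_t)(REAL_KEY ^ ENC_ENC_KEY);

/* The load + XOR that must run before every decrypted branch (enckeyLoad). */
uintptr_t load_branch_key(void) {
    return enc_enc_key_gv ^ (uintptr_t)ENC_ENC_KEY;
}

/* Dispatch through a jump table whose entries are (label address + key).
 * Returns -1 for an out-of-range selector. */
long dispatch(int sel, long x) {
    static void *enc_table[3];
    static int table_ready = 0;
    uintptr_t key = load_branch_key();   /* key derivation precedes the subtract */

    if (!table_ready) {
        /* The pass does this at compile time in a static initialiser; here the
         * entries are filled on first use so no plaintext target is ever stored. */
        enc_table[0] = (char *)&&tgt_double + key;
        enc_table[1] = (char *)&&tgt_negate + key;
        enc_table[2] = (char *)&&tgt_square + key;
        table_ready = 1;
    }
    if (sel < 0 || sel > 2)
        return -1;

    /* GEP(i8, load(table[sel]), 0 - key): recover the real target ... */
    void *target = (char *)enc_table[sel] - key;
    goto *target;                         /* ... and take the indirectbr */

tgt_double:
    return x * 2;
tgt_negate:
    return -x;
tgt_square:
    return x * x;
}
```

Dumping enc_table from a disassembler or a debugger yields only the masked entries; an analyst has to recover both the global and the XOR constant to rebuild the targets, and the point of the fix in this issue is that the code deriving that key is emitted on every path, not only the -indibran-use-stack one.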

@NewDwarf
Collaborator Author

NewDwarf commented Jan 3, 2023

The pass has too many nested if conditions. So, something was missed.

@61bcdefg
Owner

61bcdefg commented Jan 3, 2023

Thanks for creating this issue. The -indibran-enc-jump-target flag should be usable without the -indibran-use-stack flag; I made a stupid mistake. I'll fix it later.

@61bcdefg
Owner

61bcdefg commented Jan 3, 2023

dd7f90d
