ArmXorEncoder broken for sizes over 128 bytes #2016

Open
b1gr3db opened this issue Jan 11, 2022 · 2 comments
Comments

@b1gr3db
b1gr3db commented Jan 11, 2022

The ArmXorEncoder does the following:

    adr r8, payload              @ r8 = address of the encoded payload
    mov r4, #%(length)s          @ r4 starts at length, not at index 0
    adr r6, xor_cacheflush       @ r6 = exit target once the loop is done
loop:
    cmp  r4, #%(maximum)s        @ compares index + length against maximum
    bxhi r6                      @ exit if r4 > maximum (unsigned compare)
    sub  r4, r4, #%(length)s     @ only now does r4 become the byte index
    ldrb r5, [r8, r4]
    eor  r5, r5, #%(key)s
    strb r5, [r8, r4]
    add  r4, r4, #%(length)s + 1 @ r4 = index + 1 + length for the next cmp
    b loop

Note that the size check is before the index is grabbed via the sub. This results in the maximum being checked against the length plus the index rather than the index. I think this could be fixed by moving the sub instruction to before the cmp in loop. The current implementation would only xor the first 64 bytes of a 192-byte payload, as maximum is set to 256. Might be able to make that larger given that ARM32 would allow 12-bit immediates for the add/sub, but could have other issues at that point as this loop always goes to max currently (technically, currently it's incorrectly going to maximum - length).

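As an added illustration (not code from the issue or from pwntools itself), the following Python re-implements the index arithmetic of the decoder loop so that the set of offsets it XORs can be computed for a given payload length and `maximum`, both in the original instruction order and with the `sub` moved before the `cmp`. The `maximum` value of 256 is taken from the comment above; the 0x41 key, the 192- and 100-byte payloads and the 64-byte trailer after the payload are constructed inputs.

```python
"""Emulate the byte-offset arithmetic of the ArmXorEncoder decoder loop.

Constructed example: the loop quoted in the issue is mirrored in Python so
the offsets it touches can be listed for a given length/maximum pair, in
the original instruction order (cmp, bxhi, sub) and with the sub moved
before the cmp as the reporter suggests.
"""

MASK32 = 0xFFFFFFFF  # ARM registers are 32 bits wide; keep r4 in range


def xored_offsets(length, maximum, sub_before_cmp=False):
    """Return the list of payload offsets the decoder loop XORs.

    length         -- %(length)s in the template (size of the encoded payload)
    maximum        -- %(maximum)s in the template (256 according to the issue)
    sub_before_cmp -- False: original order; True: the reporter's proposed fix
    """
    r4 = length & MASK32                  # mov r4, #length
    offsets = []
    while True:
        if sub_before_cmp:
            r4 = (r4 - length) & MASK32   # sub r4, r4, #length (moved up)
        if r4 > maximum:                  # cmp r4, #maximum ; bxhi r6
            return offsets
        if not sub_before_cmp:
            r4 = (r4 - length) & MASK32   # sub r4, r4, #length (original spot)
        offsets.append(r4)                # ldrb / eor / strb at [r8, r4]
        r4 = (r4 + length + 1) & MASK32   # add r4, r4, #length + 1


def decode(encoded, key, maximum, trailer=b"", sub_before_cmp=False):
    """Run the loop over `encoded` followed by `trailer`; return (payload, rest).

    `trailer` stands in for whatever sits after the payload in memory; any
    byte of it that changes was an out-of-bounds write by the decoder loop.
    Offsets past the emulated buffer are dropped here; on a real target they
    would land in whatever memory follows.
    """
    mem = bytearray(encoded) + bytearray(trailer)
    for off in xored_offsets(len(encoded), maximum, sub_before_cmp):
        if off < len(mem):
            mem[off] ^= key
    return bytes(mem[: len(encoded)]), bytes(mem[len(encoded):])


def summarize(plain, key, maximum, sub_before_cmp=False):
    """XOR-encode `plain`, run the decoder loop, and report what came back.

    With a non-zero key, a payload byte compares equal to the plaintext only
    if the loop XORed it exactly once, so `recovered` counts in-bounds hits.
    """
    encoded = bytes(b ^ key for b in plain)
    trailer = bytes(64)  # constructed: 64 zero bytes after the payload
    decoded, rest = decode(encoded, key, maximum, trailer, sub_before_cmp)
    recovered = sum(1 for a, b in zip(decoded, plain) if a == b)
    clobbered = sum(1 for b in rest if b != 0)
    return {"recovered": recovered, "total": len(plain),
            "trailer_bytes_clobbered": clobbered}


if __name__ == "__main__":
    # Constructed inputs: key 0x41, maximum 256 as stated in the issue.
    big = bytes(range(192))
    small = bytes(range(100))
    print("192 bytes, original order:", summarize(big, 0x41, 256))
    print("192 bytes, sub before cmp:", summarize(big, 0x41, 256, True))
    print("100 bytes, original order:", summarize(small, 0x41, 256))
```

Running it shows the two effects the comment describes: in the original order a 192-byte payload only has offsets 0 through 64 decoded, and with `sub` moved before `cmp` the loop reaches `maximum` regardless of `length`, so for a 100-byte payload (even in the original order) it keeps XORing past the end of the payload into whatever follows it.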
@zachriggle
Member

Hack harder! ❤️

Just kidding, thanks for finding this and reporting it! The encoders are in need of lots of attention and maintenance.

@peace-maker
Member

See #1948
