mirror of https://git.sr.ht/~rabbits/uxn synced 2024-11-27 00:03:00 +00:00

Fixed crash vector where STR/LDR can access outside of bounds

Devine Lu Linvega 2023-01-07 11:31:03 -08:00
parent 6cbe51b4ab
commit 4e68dc7753


@ -32,7 +32,7 @@ WITH REGARD TO THIS SOFTWARE.
int int
uxn_eval(Uxn *u, Uint16 pc) uxn_eval(Uxn *u, Uint16 pc)
{ {
unsigned int a, b, c, j, k, bs, instr; Uint16 a, b, c, j, k, bs, instr;
Uint8 kptr, *sp; Uint8 kptr, *sp;
Stack *src, *dst; Stack *src, *dst;
if(!pc || u->dev[0x0f]) return 0; if(!pc || u->dev[0x0f]) return 0;
@ -49,7 +49,7 @@ uxn_eval(Uxn *u, Uint16 pc)
case 0x00: case 0x00:
/* Literals/Calls */ /* Literals/Calls */
if(instr == 0x20) /* JMI */ { PEEK16(a, pc) pc = a; } if(instr == 0x20) /* JMI */ { PEEK16(a, pc) pc = a; }
else if(instr == 0x40) /* JCI */ { sp = &u->wst->ptr; src = u->wst; POP8(b) if(b) { PEEK16(a, pc) pc = a; } else { pc += 2; } } else if(instr == 0x40) /* JCI */ { sp = &u->wst->ptr; src = u->wst; POP8(b) if(b) { PEEK16(a, pc) pc = a; } else pc += 2; }
else if(instr == 0x60) /* JSI */ { PUSH16(u->rst, pc + 2) PEEK16(a, pc) pc = a; } else if(instr == 0x60) /* JSI */ { PUSH16(u->rst, pc + 2) PEEK16(a, pc) pc = a; }
else if(bs) /* LIT2 */ { PEEK16(a, pc) PUSH16(src, a) pc += 2; } else if(bs) /* LIT2 */ { PEEK16(a, pc) PUSH16(src, a) pc += 2; }
else /* LITr */ { a = u->ram[pc++]; PUSH8(src, a) } break; else /* LITr */ { a = u->ram[pc++]; PUSH8(src, a) } break;
@ -80,7 +80,7 @@ uxn_eval(Uxn *u, Uint16 pc)
case 0x18: /* ADD */ POP(a) POP(b) PUSH(src, b + a) break; case 0x18: /* ADD */ POP(a) POP(b) PUSH(src, b + a) break;
case 0x19: /* SUB */ POP(a) POP(b) PUSH(src, b - a) break; case 0x19: /* SUB */ POP(a) POP(b) PUSH(src, b - a) break;
case 0x1a: /* MUL */ POP(a) POP(b) PUSH(src, (Uint32)b * a) break; case 0x1a: /* MUL */ POP(a) POP(b) PUSH(src, (Uint32)b * a) break;
case 0x1b: /* DIV */ POP(a) POP(b) if(a == 0) HALT(3) PUSH(src, b / a) break; case 0x1b: /* DIV */ POP(a) POP(b) if(!a) HALT(3) PUSH(src, b / a) break;
case 0x1c: /* AND */ POP(a) POP(b) PUSH(src, b & a) break; case 0x1c: /* AND */ POP(a) POP(b) PUSH(src, b & a) break;
case 0x1d: /* ORA */ POP(a) POP(b) PUSH(src, b | a) break; case 0x1d: /* ORA */ POP(a) POP(b) PUSH(src, b | a) break;
case 0x1e: /* EOR */ POP(a) POP(b) PUSH(src, b ^ a) break; case 0x1e: /* EOR */ POP(a) POP(b) PUSH(src, b ^ a) break;
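Review bot: The declaration `Uint16 a, b, c, j, k, bs, instr;` in the first hunk is now the only thing keeping computed addresses inside the 16-bit range, yet nothing at that line records it, so a later widening back to `unsigned int` would silently reintroduce the out-of-bounds access named in the commit title. I would add a comment above it such as `/* must stay 16-bit: addresses held in these temporaries wrap at 0xffff before indexing u->ram */`. The narrowing also applies only when a value is stored into one of these variables: expressions such as `pc + 2` in the JSI line are still evaluated as `int`, and if PEEK16/POKE16 (defined outside this page) index with `(x) + 1`, a 16-bit access at address 0xffff could presumably still touch one byte past the end of RAM, which is worth confirming against the macro definitions and the allocation size. A regression test running a ROM whose STR/LDR offsets cross both ends of the address space would pin the fix. uxn_eval's body starts and ends outside the visible hunks.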