code: 9ferno


ref: 0b81becf6915c7c54d266f8cc170fd8db58bb6a8
parent: 00e6f81a080c81828854db16160d8b58a5cd8ca9
author: 9ferno <gophone2015@gmail.com>
date: Tue Dec 14 23:53:13 EST 2021

check that the buffer does not overflow UPE

--- a/os/pc64/bindings.s
+++ b/os/pc64/bindings.s
@@ -104,10 +104,13 @@
 	NEXT
 
 TEXT	fthread(SB), 1, $32	/* ( n a fd -- n2 ) */
-	MOVQ(PSP), CX
 	PUSH(TOP)
-	MOVQ CX, TOP	/* ( n a fd -- n a fd a ) */
-	CALL inup(SB)
+	MOVQ 16(PSP), TOP
+	MOVQ 8(PSP), CX
+	PUSH(TOP)
+	MOVQ CX, TOP	/* ( n a fd -- n a fd n a ) */
+
+	CALL bufinup(SB)
 	MOVQ TOP, CX
 	POP(TOP)
 	CMPQ CX, $0
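Review bot: The new loads `MOVQ 16(PSP), TOP` and `MOVQ 8(PSP), CX` in `fthread` are only correct because the preceding `PUSH(TOP)` has already moved n and a one cell deeper, and nothing on those lines says so. A short comment on each, such as `/* TOP = n (third cell after the push) */` and `/* CX = a */`, would make that dependency visible to whoever next reorders the sequence. The same six lines are repeated verbatim in `fthwrite` in the next hunk, so a shared macro would keep the two bounds-check preambles from drifting apart. Both functions continue outside their hunks, so how the result in CX is acted on after `CMPQ CX, $0` cannot be reviewed here.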
@@ -130,10 +133,13 @@
  * Hence, need 32 bytes on the stack
  */
 TEXT	fthwrite(SB), 1, $32	/* ( n a fd -- n2|-1 ) */
-	MOVQ(PSP), CX
 	PUSH(TOP)
-	MOVQ CX, TOP	/* ( n a fd -- n a fd a ) */
-	CALL inup(SB)
+	MOVQ 16(PSP), TOP
+	MOVQ 8(PSP), CX
+	PUSH(TOP)
+	MOVQ CX, TOP	/* ( n a fd -- n a fd n a ) */
+
+	CALL bufinup(SB)
 	MOVQ TOP, CX
 	POP(TOP)
 	CMPQ CX, $0
--- a/os/pc64/forth.s
+++ b/os/pc64/forth.s
@@ -168,6 +168,29 @@
 	MOVQ $1, TOP
 	RET
 
+/*
+callable by UP using forth macro entries to check address
+	( n a -- -1|0|1 )
+	argument 1 in TOP = address
+	return value in TOP
+	-1			0			1
+	if UP < address && address+n < UPE
+		return 0	within range
+	else if address < UP
+		return -1	below UP
+	else if UPE < address+n
+		return 1	above UP
+ */
+TEXT	bufinup(SB), 1, $-4
+	MOVQ (PSP), CX
+	ADDQ CX, TOP
+	CMPQ CX, UPE
+	JGT aboveupe
+	CMPQ TOP, UP
+	JLT belowup
+	MOVQ $0, TOP
+	RET
+
 TEXT	reset(SB), 1, $-4
 	MOVQ UP, RSP
 	ADDQ $RSTACK_END, RSP
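Review bot: In `bufinup`, `CMPQ CX, UPE` compares the length n (loaded from `(PSP)`) with UPE, and `CMPQ TOP, UP` runs after `ADDQ CX, TOP`, so it tests a+n rather than a. Neither matches the header comment, and a buffer that starts below UP or ends past UPE can be reported as in range. The sum a+n is also never checked for wraparound and the jumps are signed (`JGT`/`JLT`), so a very large n could still pass once the operands are corrected. The in-range path returns without adjusting PSP, so n appears to stay on the parameter stack despite the `( n a -- -1|0|1 )` comment, and the callers' `POP(TOP)` would then reload n instead of fd; confirm this against the PUSH/POP macros and the `aboveupe`/`belowup` labels, which are outside the hunk. The header comment also says "above UP" where "above UPE" is meant and documents only the address argument; a sketch of a corrected body follows.

```asm
TEXT	bufinup(SB), 1, $-4
	MOVQ (PSP), CX		/* CX = n; TOP still holds a */
	ADDQ $8, PSP		/* drop n as ( n a -- flag ) promises; 8-byte cells as in the callers' 8(PSP)/16(PSP) -- confirm */
	CMPQ TOP, UP
	JCS belowup		/* a < UP, unsigned */
	ADDQ TOP, CX		/* CX = a+n */
	JCS aboveupe		/* a+n wrapped around */
	CMPQ CX, UPE
	JHI aboveupe		/* UPE < a+n, unsigned */
	MOVQ $0, TOP
	RET
```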