Browse code
Fixed crash vector where STR/LDR can access outside of bounds
Devine Lu Linvega authored on 07/01/2023 19:31:03
Showing 1 changed files
| ... | ... |
@@ -32,7 +32,7 @@ WITH REGARD TO THIS SOFTWARE. |
| 32 | 32 |
int |
| 33 | 33 |
uxn_eval(Uxn *u, Uint16 pc) |
| 34 | 34 |
{
|
| 35 |
- unsigned int a, b, c, j, k, bs, instr; |
|
| 35 |
+ Uint16 a, b, c, j, k, bs, instr; |
|
| 36 | 36 |
Uint8 kptr, *sp; |
| 37 | 37 |
Stack *src, *dst; |
| 38 | 38 |
if(!pc || u->dev[0x0f]) return 0; |
| ... | ... |
@@ -49,7 +49,7 @@ uxn_eval(Uxn *u, Uint16 pc) |
| 49 | 49 |
case 0x00: |
| 50 | 50 |
/* Literals/Calls */ |
| 51 | 51 |
if(instr == 0x20) /* JMI */ { PEEK16(a, pc) pc = a; }
|
| 52 |
- else if(instr == 0x40) /* JCI */ { sp = &u->wst->ptr; src = u->wst; POP8(b) if(b) { PEEK16(a, pc) pc = a; } else { pc += 2; } }
|
|
| 52 |
+ else if(instr == 0x40) /* JCI */ { sp = &u->wst->ptr; src = u->wst; POP8(b) if(b) { PEEK16(a, pc) pc = a; } else pc += 2; }
|
|
| 53 | 53 |
else if(instr == 0x60) /* JSI */ { PUSH16(u->rst, pc + 2) PEEK16(a, pc) pc = a; }
|
| 54 | 54 |
else if(bs) /* LIT2 */ { PEEK16(a, pc) PUSH16(src, a) pc += 2; }
|
| 55 | 55 |
else /* LITr */ { a = u->ram[pc++]; PUSH8(src, a) } break;
|
| ... | ... |
@@ -80,7 +80,7 @@ uxn_eval(Uxn *u, Uint16 pc) |
| 80 | 80 |
case 0x18: /* ADD */ POP(a) POP(b) PUSH(src, b + a) break; |
| 81 | 81 |
case 0x19: /* SUB */ POP(a) POP(b) PUSH(src, b - a) break; |
| 82 | 82 |
case 0x1a: /* MUL */ POP(a) POP(b) PUSH(src, (Uint32)b * a) break; |
| 83 |
- case 0x1b: /* DIV */ POP(a) POP(b) if(a == 0) HALT(3) PUSH(src, b / a) break; |
|
| 83 |
+ case 0x1b: /* DIV */ POP(a) POP(b) if(!a) HALT(3) PUSH(src, b / a) break; |
|
| 84 | 84 |
case 0x1c: /* AND */ POP(a) POP(b) PUSH(src, b & a) break; |
| 85 | 85 |
case 0x1d: /* ORA */ POP(a) POP(b) PUSH(src, b | a) break; |
| 86 | 86 |
case 0x1e: /* EOR */ POP(a) POP(b) PUSH(src, b ^ a) break; |