From 17eebff1883664df29afd3ad092b1606a4fdbb0d Mon Sep 17 00:00:00 2001
From: Ivan Baravy <dunkaist@gmail.com>
Date: Sun, 9 Feb 2025 19:32:30 +0000
Subject: [PATCH] Fix a kernel crash on a CD, with 512MB RAM

CDDataBuf was considered a free memory. It was then allocated for other
kernel structures what eventually caused the crash.

The bug report: https://www.youtube.com/watch?v=tXMD9_gEUcA
---
 kernel/trunk/const.inc  | 46 ++++++++++++++++++++---------------------
 kernel/trunk/data32.inc |  4 +---
 2 files changed, 24 insertions(+), 26 deletions(-)

diff --git a/kernel/trunk/const.inc b/kernel/trunk/const.inc
index 731a26cc2..397f8338d 100644
--- a/kernel/trunk/const.inc
+++ b/kernel/trunk/const.inc
@@ -596,29 +596,29 @@ CONTROL_EXCEPTION  = 'EXPT'
 
 ; Window structure:
 struct  WDATA
-        box             BOX
-        cl_workarea     dd ?
-        cl_titlebar     dd ?
-        cl_frames       dd ?
-        z_modif         db ?
-        fl_wstate       db ?
-        fl_wdrawn       db ?
-        fl_redraw       db ?
-        clientbox       BOX
-        shape           dd ?
-        shape_scale     dd ?
-        caption         dd ?
-        captionEncoding db ?
-                        rb 3
-        saved_box       BOX
-        cursor          dd ?
-        temp_cursor     dd ?   ;?
-        draw_bgr_x      dd ?
-        draw_bgr_y      dd ?
-        draw_data       RECT
-        thread          dd ? ; ptr APPDATA
-        buttons         rd 1 ; ptr array buttons
-                        rb 12 - 4
+        box             BOX     ; +0
+        cl_workarea     dd ?    ; +16
+        cl_titlebar     dd ?    ; +20
+        cl_frames       dd ?    ; +24
+        z_modif         db ?    ; +28
+        fl_wstate       db ?    ; +29
+        fl_wdrawn       db ?    ; +30
+        fl_redraw       db ?    ; +31
+        clientbox       BOX     ; +32
+        shape           dd ?    ; +48
+        shape_scale     dd ?    ; +52
+        caption         dd ?    ; +56
+        captionEncoding db ?    ; +60
+                        rb 3    ; +61
+        saved_box       BOX     ; +64
+        cursor          dd ?    ; +80
+        temp_cursor     dd ?    ; +84   ?
+        draw_bgr_x      dd ?    ; +88
+        draw_bgr_y      dd ?    ; +92
+        draw_data       RECT    ; +96
+        thread          dd ?    ; +112  ptr APPDATA
+        buttons         rd 1    ; +116  ptr array buttons
+                        rb 12 - 4 ; +120
 ends
 
 label WDATA.fl_wstyle byte at WDATA.cl_workarea + 3
diff --git a/kernel/trunk/data32.inc b/kernel/trunk/data32.inc
index 31d951147..0b79f72e6 100644
--- a/kernel/trunk/data32.inc
+++ b/kernel/trunk/data32.inc
@@ -531,6 +531,7 @@ CLEAN_ZONE = _CLEAN_ZONE - OS_BASE
 BgrAuxTable     rb  32768
 align 65536
 SB16Buffer      rb  65536
+CDDataBuf:      rb 0x1000
 
 align 4096
 BUTTON_INFO     rb  64*1024
@@ -538,6 +539,3 @@ RESERVED_PORTS:
         rb  64*1024
 sys_pgmap:
         rb  1024*1024/8
-
-
-CDDataBuf: rb 0x1000