badpork/kolibrios
1
0
Fork 0
forked from KolibriOS/kolibrios
Code Pull Requests Activity

[kernel] Fix reading from empty board buffer (sf63.2)

Browse Source 
Syscall 63.2, reading from the board buffer, was overwriting registers
edx and ebp when the buffer was empty. Now it sets eax and ebx according
to the kernel API.

Because of this ancient bug BOARD checks the status of sf63.2 syscall
this way:
        mcall   63, 2
        cmp     ebx, 1
        jne     no_data
        ; when the buffer is empty, ebx is untouched, i.e. still 2, haha
        ; edx and ebp are destroyed, the code is lucky not to use them

By the way, the bug was found using umka tool.

git-svn-id: svn://kolibrios.org@9897 a494cfbc-eb01-0410-851d-a64ba20cac60
This commit is contained in:
Ivan Baravy 2023-01-30 03:33:03 +00:00
parent 4c20c082c1
commit 59315b183d
1 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
kernel/trunk/kernel.asm
View File

@ -3377,7 +3377,7 @@ align 4
set_app_param: set_app_param:
mov edi, [current_slot] mov edi, [current_slot]
xchg ebx, [edi + APPDATA.event_mask] ; set new event mask xchg ebx, [edi + APPDATA.event_mask] ; set new event mask
mov [esp + SYSCALL_STACK.eax], ebx ; return old mask value mov [esp + SYSCALL_STACK.eax], ebx ; return old mask value
ret ret
;----------------------------------------------------------------------------- ;-----------------------------------------------------------------------------
@ -3393,7 +3393,6 @@ if 1
align 4 align 4
delay_hs: ; delay in 1/100 secs delay_hs: ; delay in 1/100 secs
; ebx = delay time ; ebx = delay time
pushad pushad
push ebx push ebx
xor esi, esi xor esi, esi
@ -4226,24 +4225,23 @@ end if
pop ebx eax pop ebx eax
ret ret
@@:
mov [esp + SYSCALL_STACK.eax], ecx
mov [esp+20], ecx
jmp .ret
.read: .read:
cmp eax, 2 cmp eax, 2
jne .ret jne .ret
test ecx, ecx
jz @b
add esp, 8 ; returning data in ebx and eax, so no need to restore them add esp, 8 ; returning data in ebx and eax, so no need to restore them
test ecx, ecx
jnz @f
mov [esp + SYSCALL_STACK.eax], ecx
mov [esp + SYSCALL_STACK.ebx], ecx
ret
@@:
mov eax, msg_board_data+1 mov eax, msg_board_data+1
mov ebx, msg_board_data mov ebx, msg_board_data
movzx edx, byte [ebx] movzx edx, byte [ebx]
call memmove call memmove
dec [msg_board_count] dec [msg_board_count]
mov [esp + SYSCALL_STACK.eax], edx ;eax mov [esp + SYSCALL_STACK.eax], edx
mov [esp + 20], dword 1 mov [esp + SYSCALL_STACK.ebx], 1
ret ret
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;