Fixed security leaks in uxnasm and uxn

2023-01-07 12:02:57 -08:00 · 2023-01-07 12:02:57 -08:00 · 823e301c0b
parent a124ca95b0
commit 823e301c0b
2 changed files with 9 additions and 9 deletions
--- a/src/uxn.c
+++ b/src/uxn.c
@ -32,8 +32,8 @@ WITH REGARD TO THIS SOFTWARE.
 int
 uxn_eval(Uxn *u, Uint16 pc)
 {
-	unsigned int a, b, c, j, k, bs, instr;
 	Uint8 kptr, *sp;
+	Uint16 a, b, c, j, k, bs, instr;
 	Stack *src, *dst;
 	if(!pc || u->dev[0x0f]) return 0;
 	while((instr = u->ram[pc++])) {
@ -49,8 +49,8 @@ uxn_eval(Uxn *u, Uint16 pc)
 		case 0x00:
 		/* Literals/Calls */
 		if(instr == 0x20)      /* JMI  */ { PEEK16(a, pc) pc = a; }
-		else if(instr == 0x40) /* JCI  */ { sp = &u->wst->ptr; src = u->wst; POP8(a) if(a) { PEEK16(b, pc) pc = b; } else { pc += 2; } }
-		else if(instr == 0x60) /* JSI  */ { PEEK16(a, pc) PUSH16(u->rst, pc + 2) pc = a; }
+		else if(instr == 0x40) /* JCI  */ { sp = &u->wst->ptr; src = u->wst; POP8(b) if(b) { PEEK16(a, pc) pc = a; } else pc += 2; }
+		else if(instr == 0x60) /* JSI  */ { PUSH16(u->rst, pc + 2) PEEK16(a, pc) pc = a; }
 		else if(bs)            /* LIT2 */ { PEEK16(a, pc) PUSH16(src, a) pc += 2; }
 		else                   /* LITr */ { a = u->ram[pc++]; PUSH8(src, a) } break;
 		/* ALU */
@ -80,7 +80,7 @@ uxn_eval(Uxn *u, Uint16 pc)
 		case 0x18: /* ADD */ POP(a) POP(b) PUSH(src, b + a) break;
 		case 0x19: /* SUB */ POP(a) POP(b) PUSH(src, b - a) break;
 		case 0x1a: /* MUL */ POP(a) POP(b) PUSH(src, (Uint32)b * a) break;
-		case 0x1b: /* DIV */ POP(a) POP(b) if(a == 0) HALT(3) PUSH(src, b / a) break;
+		case 0x1b: /* DIV */ POP(a) POP(b) if(!a) HALT(3) PUSH(src, b / a) break;
 		case 0x1c: /* AND */ POP(a) POP(b) PUSH(src, b & a) break;
 		case 0x1d: /* ORA */ POP(a) POP(b) PUSH(src, b | a) break;
 		case 0x1e: /* EOR */ POP(a) POP(b) PUSH(src, b ^ a) break;
--- a/src/uxnasm.c
+++ b/src/uxnasm.c
@ -1,7 +1,7 @@
 #include <stdio.h>

 /*
-Copyright (c) 2021-2023 Devine Lu Linvega, Andrew Alderwick
+Copyright (c) 2021-2023 Devine Lu Linvega, Andrew Alderwick

 Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
@ -416,9 +416,9 @@ assemble(FILE *f)
 {
 	char w[0x40];
 	scpy("on-reset", p.scope, 0x40);
-	while(fscanf(f, "%63s", w) == 1)
-		if(!parse(w, f))
-			return error("Unknown token", w);
+	while(fscanf(f, "%62s", w) == 1)
+		if(slen(w) > 0x3d || !parse(w, f))
+			return error("Invalid token", w);
 	return resolve();
 }

@ -443,12 +443,12 @@ review(char *filename)
 static void
 writesym(char *filename)
 {
+	int i;
 	char symdst[0x60];
 	FILE *fp;
 	if(slen(filename) > 0x60 - 5)
 		return;
 	fp = fopen(scat(scpy(filename, symdst, slen(filename) + 1), ".sym"), "w");
-	int i;
 	if(fp != NULL) {
 		for(i = 0; i < p.llen; i++) {
 			fwrite(&p.labels[i].addr + 1, 1, 1, fp);