From 823e301c0b7a8fb54957fe99d76c9178f8186471 Mon Sep 17 00:00:00 2001 From: Devine Lu Linvega Date: Sat, 7 Jan 2023 12:02:57 -0800 Subject: [PATCH] Fixed security leaks in uxnasm and uxn --- src/uxn.c | 8 ++++---- src/uxnasm.c | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/uxn.c b/src/uxn.c index 50d7c41..f64461c 100644 --- a/src/uxn.c +++ b/src/uxn.c @@ -32,8 +32,8 @@ WITH REGARD TO THIS SOFTWARE. int uxn_eval(Uxn *u, Uint16 pc) { - unsigned int a, b, c, j, k, bs, instr; Uint8 kptr, *sp; + Uint16 a, b, c, j, k, bs, instr; Stack *src, *dst; if(!pc || u->dev[0x0f]) return 0; while((instr = u->ram[pc++])) { @@ -49,8 +49,8 @@ uxn_eval(Uxn *u, Uint16 pc) case 0x00: /* Literals/Calls */ if(instr == 0x20) /* JMI */ { PEEK16(a, pc) pc = a; } - else if(instr == 0x40) /* JCI */ { sp = &u->wst->ptr; src = u->wst; POP8(a) if(a) { PEEK16(b, pc) pc = b; } else { pc += 2; } } - else if(instr == 0x60) /* JSI */ { PEEK16(a, pc) PUSH16(u->rst, pc + 2) pc = a; } + else if(instr == 0x40) /* JCI */ { sp = &u->wst->ptr; src = u->wst; POP8(b) if(b) { PEEK16(a, pc) pc = a; } else pc += 2; } + else if(instr == 0x60) /* JSI */ { PUSH16(u->rst, pc + 2) PEEK16(a, pc) pc = a; } else if(bs) /* LIT2 */ { PEEK16(a, pc) PUSH16(src, a) pc += 2; } else /* LITr */ { a = u->ram[pc++]; PUSH8(src, a) } break; /* ALU */ @@ -80,7 +80,7 @@ uxn_eval(Uxn *u, Uint16 pc) case 0x18: /* ADD */ POP(a) POP(b) PUSH(src, b + a) break; case 0x19: /* SUB */ POP(a) POP(b) PUSH(src, b - a) break; case 0x1a: /* MUL */ POP(a) POP(b) PUSH(src, (Uint32)b * a) break; - case 0x1b: /* DIV */ POP(a) POP(b) if(a == 0) HALT(3) PUSH(src, b / a) break; + case 0x1b: /* DIV */ POP(a) POP(b) if(!a) HALT(3) PUSH(src, b / a) break; case 0x1c: /* AND */ POP(a) POP(b) PUSH(src, b & a) break; case 0x1d: /* ORA */ POP(a) POP(b) PUSH(src, b | a) break; case 0x1e: /* EOR */ POP(a) POP(b) PUSH(src, b ^ a) break; diff --git a/src/uxnasm.c b/src/uxnasm.c index 370737e..7c9e7b5 100644 --- a/src/uxnasm.c +++ b/src/uxnasm.c @@ -1,7 +1,7 @@ #include /* --Copyright (c) 2021-2023 Devine Lu Linvega, Andrew Alderwick +Copyright (c) 2021-2023 Devine Lu Linvega, Andrew Alderwick Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above @@ -416,9 +416,9 @@ assemble(FILE *f) { char w[0x40]; scpy("on-reset", p.scope, 0x40); - while(fscanf(f, "%63s", w) == 1) - if(!parse(w, f)) - return error("Unknown token", w); + while(fscanf(f, "%62s", w) == 1) + if(slen(w) > 0x3d || !parse(w, f)) + return error("Invalid token", w); return resolve(); } @@ -443,12 +443,12 @@ review(char *filename) static void writesym(char *filename) { + int i; char symdst[0x60]; FILE *fp; if(slen(filename) > 0x60 - 5) return; fp = fopen(scat(scpy(filename, symdst, slen(filename) + 1), ".sym"), "w"); - int i; if(fp != NULL) { for(i = 0; i < p.llen; i++) { fwrite(&p.labels[i].addr + 1, 1, 1, fp);