Fixed security leaks in uxnasm and uxn

This commit is contained in:
Devine Lu Linvega 2023-01-07 12:02:57 -08:00
parent a124ca95b0
commit 823e301c0b
2 changed files with 9 additions and 9 deletions

View File

@ -32,8 +32,8 @@ WITH REGARD TO THIS SOFTWARE.
int int
uxn_eval(Uxn *u, Uint16 pc) uxn_eval(Uxn *u, Uint16 pc)
{ {
unsigned int a, b, c, j, k, bs, instr;
Uint8 kptr, *sp; Uint8 kptr, *sp;
Uint16 a, b, c, j, k, bs, instr;
Stack *src, *dst; Stack *src, *dst;
if(!pc || u->dev[0x0f]) return 0; if(!pc || u->dev[0x0f]) return 0;
while((instr = u->ram[pc++])) { while((instr = u->ram[pc++])) {
@ -49,8 +49,8 @@ uxn_eval(Uxn *u, Uint16 pc)
case 0x00: case 0x00:
/* Literals/Calls */ /* Literals/Calls */
if(instr == 0x20) /* JMI */ { PEEK16(a, pc) pc = a; } if(instr == 0x20) /* JMI */ { PEEK16(a, pc) pc = a; }
else if(instr == 0x40) /* JCI */ { sp = &u->wst->ptr; src = u->wst; POP8(a) if(a) { PEEK16(b, pc) pc = b; } else { pc += 2; } } else if(instr == 0x40) /* JCI */ { sp = &u->wst->ptr; src = u->wst; POP8(b) if(b) { PEEK16(a, pc) pc = a; } else pc += 2; }
else if(instr == 0x60) /* JSI */ { PEEK16(a, pc) PUSH16(u->rst, pc + 2) pc = a; } else if(instr == 0x60) /* JSI */ { PUSH16(u->rst, pc + 2) PEEK16(a, pc) pc = a; }
else if(bs) /* LIT2 */ { PEEK16(a, pc) PUSH16(src, a) pc += 2; } else if(bs) /* LIT2 */ { PEEK16(a, pc) PUSH16(src, a) pc += 2; }
else /* LITr */ { a = u->ram[pc++]; PUSH8(src, a) } break; else /* LITr */ { a = u->ram[pc++]; PUSH8(src, a) } break;
/* ALU */ /* ALU */
@ -80,7 +80,7 @@ uxn_eval(Uxn *u, Uint16 pc)
case 0x18: /* ADD */ POP(a) POP(b) PUSH(src, b + a) break; case 0x18: /* ADD */ POP(a) POP(b) PUSH(src, b + a) break;
case 0x19: /* SUB */ POP(a) POP(b) PUSH(src, b - a) break; case 0x19: /* SUB */ POP(a) POP(b) PUSH(src, b - a) break;
case 0x1a: /* MUL */ POP(a) POP(b) PUSH(src, (Uint32)b * a) break; case 0x1a: /* MUL */ POP(a) POP(b) PUSH(src, (Uint32)b * a) break;
case 0x1b: /* DIV */ POP(a) POP(b) if(a == 0) HALT(3) PUSH(src, b / a) break; case 0x1b: /* DIV */ POP(a) POP(b) if(!a) HALT(3) PUSH(src, b / a) break;
case 0x1c: /* AND */ POP(a) POP(b) PUSH(src, b & a) break; case 0x1c: /* AND */ POP(a) POP(b) PUSH(src, b & a) break;
case 0x1d: /* ORA */ POP(a) POP(b) PUSH(src, b | a) break; case 0x1d: /* ORA */ POP(a) POP(b) PUSH(src, b | a) break;
case 0x1e: /* EOR */ POP(a) POP(b) PUSH(src, b ^ a) break; case 0x1e: /* EOR */ POP(a) POP(b) PUSH(src, b ^ a) break;

View File

@ -1,7 +1,7 @@
#include <stdio.h> #include <stdio.h>
/* /*
-Copyright (c) 2021-2023 Devine Lu Linvega, Andrew Alderwick Copyright (c) 2021-2023 Devine Lu Linvega, Andrew Alderwick
Permission to use, copy, modify, and distribute this software for any Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above purpose with or without fee is hereby granted, provided that the above
@ -416,9 +416,9 @@ assemble(FILE *f)
{ {
char w[0x40]; char w[0x40];
scpy("on-reset", p.scope, 0x40); scpy("on-reset", p.scope, 0x40);
while(fscanf(f, "%63s", w) == 1) while(fscanf(f, "%62s", w) == 1)
if(!parse(w, f)) if(slen(w) > 0x3d || !parse(w, f))
return error("Unknown token", w); return error("Invalid token", w);
return resolve(); return resolve();
} }
@ -443,12 +443,12 @@ review(char *filename)
static void static void
writesym(char *filename) writesym(char *filename)
{ {
int i;
char symdst[0x60]; char symdst[0x60];
FILE *fp; FILE *fp;
if(slen(filename) > 0x60 - 5) if(slen(filename) > 0x60 - 5)
return; return;
fp = fopen(scat(scpy(filename, symdst, slen(filename) + 1), ".sym"), "w"); fp = fopen(scat(scpy(filename, symdst, slen(filename) + 1), ".sym"), "w");
int i;
if(fp != NULL) { if(fp != NULL) {
for(i = 0; i < p.llen; i++) { for(i = 0; i < p.llen; i++) {
fwrite(&p.labels[i].addr + 1, 1, 1, fp); fwrite(&p.labels[i].addr + 1, 1, 1, fp);