[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[MiNT] Buggy blockcpy()

To: mint@lists.fishpool.fi
Subject: [MiNT] Buggy blockcpy()
From: Vincent Rivière <vincent.riviere@freesbee.fr>
Date: Fri, 25 Mar 2011 00:27:38 +0100
List-help: <mailto:ecartis@lists.fishpool.fi?Subject=help>
List-id: <mint.lists.fishpool.fi>
List-owner: <mailto:tjhukkan@fishpool.fi>
List-post: <mailto:mint@lists.fishpool.fi>
List-subscribe: <mailto:mint-request@lists.fishpool.fi?Subject=subscribe>
List-unsubscribe: <mailto:mint-request@lists.fishpool.fi?Subject=unsubscribe>
Sender: mint-bounce@lists.fishpool.fi
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

Hello.

Inside FreeMiNT's libkern, I have noticed a very subtle bug in blockcpy()for 68000. It had never been triggered because this function is not used.


gas for a.out has a nontrivial bug. It allows sources like:
	bra.s	next
next:

A zero offset is illegal and should be rejected (it is on ELF targets).Unfortunately, gas for a.out does not complain and produces invalid code :-(

And this happens in blockcpy() for 68000.

Also, it is obvious that the blockcpy() function has been quickly writtenfrom a memcpy() implementation. Some code for remaining bytes was stillhere, but obviously useless. I have removed it.


Now this file has been sanitized, I will patch it for ColdFire.

Alan, please commit !

- blockcopy.patch
Fixed 68000 variant and simplified. Contributed by Vincent Riviere.

--
Vincent Rivière

diff -x CVS -aurN freemint.orig/sys/libkern/asm/blockcopy.S freemint/sys/libkern/asm/blockcopy.S
--- freemint.orig/sys/libkern/asm/blockcopy.S	2005-05-07 10:58:16.000000000 +0200
+++ freemint/sys/libkern/asm/blockcopy.S	2011-03-25 00:07:26.812500000 +0100
@@ -16,7 +16,6 @@
 	move.l	_mcpu,d1
 	cmp.w	#40,d1
 	bcc.s	L_040			| for 68000-68030 do quickmove
-	clr.l	d1
 	bra	blkmv
 L_040:	dc.l	0xf6218000		| move16 (a1)+,(a0)+
 	dc.l	0xf6218000
@@ -53,12 +52,9 @@
 	subq.l	#1,d0
 	bne	L_040
 	rts
-#else
-	clr.l	d1
-	bra.s	blkmv
 #endif
 
-blkmv:	movem.l	d1-d7/a2-a6,-(sp)	| save regs
+blkmv:	movem.l	d2-d7/a2-a6,-(sp)	| save regs
 L1:
 	movem.l	(a1)+,d1-d7/a2-a6	| read 12*4 = 48 bytes
 	movem.l	d1-d7/a2-a6,(a0)	|
@@ -85,28 +81,8 @@
 
 	lea	512(a0),a0
 	subq.l	#1,d0
-	bgt.s	L1
+	bne.s	L1
 
-	movem.l	(sp)+,d1-d7/a2-a6	| pop registers
+	movem.l	(sp)+,d2-d7/a2-a6	| pop registers
 
-Leftover:				| do the remaining bytes
-	moveq.l	#3,d0
-	and.w	d1,d0
-	lsr.w	#2,d1
-	subq.w	#1,d1			| prepare for dbra loop
-	bmi.s	L4done
-	lsr.w	#1,d1
-	bcc.s	L23
-L2l:
-	move.l	(a1)+,(a0)+
-L23:
-	move.l	(a1)+,(a0)+
-	dbra	d1,L2l
-L4done:
-	subq.w	#1,d0			| prepare for dbra loop
-	bmi.s	Ldone
-L2:
-	move.b	(a1)+,(a0)+
-	dbra	d0,L2
-Ldone:
 	rts				| return

Follow-Ups:
- Re: [MiNT] Buggy blockcpy()
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>

Prev by Date: Re: [MiNT] NOCFLAGS $(MODEL)
Next by Date: [MiNT] GCC 4.6.0
Previous by thread: Re: [MiNT] NOCFLAGS $(MODEL)
Next by thread: Re: [MiNT] Buggy blockcpy()
Index(es):
- Date
- Thread