From 2437357119d63315867f76ead3dfb55619c8ab8a Mon Sep 17 00:00:00 2001 From: Bryce Denney Date: Mon, 12 Nov 2001 02:50:07 +0000 Subject: [PATCH] - this was checked in on october 2, 2001 and has caused no trouble yet --- .../patch.virtual-addr-checks-overflow | 81 ------------------- 1 file changed, 81 deletions(-) delete mode 100644 bochs/patches/patch.virtual-addr-checks-overflow diff --git a/bochs/patches/patch.virtual-addr-checks-overflow b/bochs/patches/patch.virtual-addr-checks-overflow deleted file mode 100644 index 8493e185c..000000000 --- a/bochs/patches/patch.virtual-addr-checks-overflow +++ /dev/null @@ -1,81 +0,0 @@ ----------------------------------------------------------------------- -Patch name: patch.virtual-addr-checks-overflow -Author: Bryce Denney -Date: Tue Oct 2 12:58:18 EDT 2001 -RCS Id: $Id: patch.virtual-addr-checks-overflow,v 1.2 2001-10-03 01:52:17 bdenney Exp $ - -Detailed description: -Bochs has been crashing in some cases when you try to access data which -overlaps the segment limit, when the segment limit is near the 32-bit -boundary. The example that came up a few times is reading/writing 4 bytes -starting at 0xffffffff when the segment limit was 0xffffffff. The -condition used to compare offset+length-1 with the limit, but offset+length-1 -was overflowing so the comparison went wrong. This patch changes the -condition so that it supports all segment limits. - -Patch was created with: - cvs diff -u -Apply patch to what version: - cvs from october 2, 2001 -Instructions: - To patch, go to main bochs directory. - Type "patch -p0 < THIS_PATCH_FILE". ----------------------------------------------------------------------- -Index: cpu/access.cc -=================================================================== -RCS file: /cvsroot/bochs/bochs/cpu/access.cc,v -retrieving revision 1.10 -retrieving revision 1.11 -diff -u -r1.10 -r1.11 ---- cpu/access.cc 2001/10/02 20:01:29 1.10 -+++ cpu/access.cc 2001/10/03 01:06:31 1.11 -@@ -71,7 +71,8 @@ - return; - - case 2: case 3: /* read/write */ -- if ( (offset+length-1) > seg->cache.u.segment.limit_scaled ) { -+ if (offset > (seg->cache.u.segment.limit_scaled - length + 1) -+ || (length-1 > seg->cache.u.segment.limit_scaled)) { - BX_INFO(("write_virtual_checks(): write beyond limit, r/w")); - exception(int_number(seg), 0, 0); - return; -@@ -97,7 +98,8 @@ - } - - else { /* real mode */ -- if ( (offset + length - 1) > seg->cache.u.segment.limit_scaled) { -+ if (offset > (seg->cache.u.segment.limit_scaled - length + 1) -+ || (length-1 > seg->cache.u.segment.limit_scaled)) { - //BX_INFO(("write_virtual_checks() SEG EXCEPTION: %x:%x + %x", - // (unsigned) seg->selector.value, (unsigned) offset, (unsigned) length)); - if (seg == & BX_CPU_THIS_PTR sregs[2]) exception(BX_SS_EXCEPTION, 0, 0); -@@ -136,7 +138,8 @@ - case 0: case 1: /* read only */ - case 10: case 11: /* execute/read */ - case 14: case 15: /* execute/read-only, conforming */ -- if ( (offset+length-1) > seg->cache.u.segment.limit_scaled ) { -+ if (offset > (seg->cache.u.segment.limit_scaled - length + 1) -+ || (length-1 > seg->cache.u.segment.limit_scaled)) { - BX_INFO(("read_virtual_checks(): write beyond limit")); - exception(int_number(seg), 0, 0); - return; -@@ -144,7 +147,8 @@ - break; - - case 2: case 3: /* read/write */ -- if ( (offset+length-1) > seg->cache.u.segment.limit_scaled ) { -+ if (offset > (seg->cache.u.segment.limit_scaled - length + 1) -+ || (length-1 > seg->cache.u.segment.limit_scaled)) { - BX_INFO(("read_virtual_checks(): write beyond limit")); - exception(int_number(seg), 0, 0); - return; -@@ -191,7 +195,8 @@ - } - - else { /* real mode */ -- if ( (offset + length - 1) > seg->cache.u.segment.limit_scaled) { -+ if (offset > (seg->cache.u.segment.limit_scaled - length + 1) -+ || (length-1 > seg->cache.u.segment.limit_scaled)) { - //BX_ERROR(("read_virtual_checks() SEG EXCEPTION: %x:%x + %x", - // (unsigned) seg->selector.value, (unsigned) offset, (unsigned) length)); - if (seg == & BX_CPU_THIS_PTR sregs[2]) exception(BX_SS_EXCEPTION, 0, 0);