Re: [Freedos-devel] MEM null string bug fix

Tue, 25 Feb 2025 11:25:48 -0800 

On at 2025-02-25 19:16 +0100, Danilo Pecher via Freedos-devel wrote:

Actually the first snippet looks a bit dodgy to me. Why initialize one
pointer and not the other?



If you'd actually looked into the source text for this [1] you would 
have found quickly that the other pointer *is* already initialised 
before it is ever read [2]. (Beat to it by Bernd pointing out the same 
line in a list reply.) I wanted to fix the crash bug, not uselessly 
shuffle around working code so it would please someone's aesthetic 
sensibilities more than it did before.



It almost looks like someone just wanted to
make his patch look a bit more substantial than it really is.



Actually, if you knew anything about this problem, like by having read 
the commit message, you may have noticed that _her_ patch is actually 
complete and functional, both necessary and sufficient to address the 
bug. You can easily check this yourself, for instance using this Debug 
script that I created just for you. Works both in lDebug and MSDebug (my 
MS-DOS v2 Debug fork), don't forget to save with CR LF line endings or 
it won't work in MSDebug:


=== bug.sld
f 100 l 40 90
a
 mov ah, 4A
 mov bx, 1000
 int 21
 xor ax, ax
 xchg ax, [2C]
 mov es, ax
 mov ah, 49
 int 21
 mov ah, 48
 xor bx, bx
 int 21
 jc 140
 dec ax
 mov ds, ax
 mov word [1], 8
 mov word [8], 4453
 and word [A], 0
 mov ax, 4C00
 int 21

a 140
 mov ax, 4CFF
 int 21

n testmem1.com
r bx
 0
r cx
 45
w 100
q

===


Run like DEBUG < bug.sld to create the TESTMEM1.COM executable. Try out 
the FreeDOS MEM /D command without my patch and observe that it doesn't 
crash nor loop infinitely. Then run TESTMEM1. Now run MEM /D again, and 
observe that it either crashes or loops infinitely.



So there's an upside to your reply: I found out that if the empty SD MCB 
isn't the first SD MCB, then it seems like there will be an infinite 
loop repeating eg "EMMXXXX0  installed DEVICE=EMS" (in the local dosemu2 
+ FreeDOS) forever. If the empty SD MCB is the first SD MCB, then the 
crash or hang will occur at the point this SD MCB is displayed, after 
the line reading "<segment>  0  (0K)  DOS  system data" and after an 
incomplete line that reads "0000  0  (0K)  ".


Regards,
ecm



[1]: 
https://gitlab.com/FreeDOS/base/mem/-/blob/ce7a4c67b7304e0fb75192023c102ec0b020c38c/SOURCE/MEM/MEM.C#L1657
[2]: 
https://gitlab.com/FreeDOS/base/mem/-/blob/ce7a4c67b7304e0fb75192023c102ec0b020c38c/SOURCE/MEM/MEM.C#L1677



_______________________________________________
Freedos-devel mailing list
Freedos-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-devel






















					Reply via email to