flat assembler
Message board for the users of flat assembler.

[bug] Access violation when reading 0x2020202C or 0x20202024

revolution
When all else fails, read the source
Joined: 24 Aug 2004, Posts: 17714, Location: In your JS exploiting you and your system
The following code generates a hard fault with FASMW & FASM when the memory usage is set to 65536K or 32768K

Sorry for the long code posting but the situation seems quite specific. I tried changing/removing things but the fault then goes away.

This will compile with a higher memory setting, and gives an out of memory error with a lower memory setting. So ya gotta use 65536K/32768K to see the problem.
Code:
use32

string_list equ
curr_strings equ x

macro do_string string,starting,ending,tag {
        local found
        found equ no
        match head =, string == tail,curr_strings \{
                purge found
                found equ yes
                match head =, string == tail,curr_strings \\{
                        match start_l end_l any,tail \\\{
                                starting = start_l
                                ending = end_l
                        \\\}
                \\}
        \}
        match =no,found \{
                curr_strings equ curr_strings , string = starting ending :
                local z
                string_list equ string_list,z
                macro z \\{
                        if defined tag
                                starting: db string
                                ending:
                        end if
                \\}
        \}
        purge found
}

macro pushd val {
        local .x,.y,.z
        .z:
        local found
        found equ no
        match =addr v,val \{
                purge found
                found equ yes
        \}
        match =no,found \{
                if val eqtype ''
                        do_string val,.x,.y,.z
                        pushd .x
                else
                        pushd val
                end if
        \}
        purge found
}

rept 550 c {pushd `c#'                                '}
rept 550 c {pushd `c#'                                '}

match data_list,string_list{irp i,data_list{i\}}
    

PS: I'm using v1.66, does this mean we get v1.66.01 now? :)
Post 18 May 2006, 18:50
LocoDelAssembly
Your code has a bug
Joined: 06 May 2005, Posts: 4633, Location: Argentina
Same problem with 1.64. When you use 65536KB you get an access violation when reading 0x20202020.

Code:
00417B75   C1E0 08          SHL EAX,8
00417B78   88C8             MOV AL,CL
00417B7A   89C5             MOV EBP,EAX
00417B7C   BB A4454200      MOV EBX,FASMW.004245A4
00417B81   8B13             MOV EDX,DWORD PTR DS:[EBX] ; <- Faulty instruction
00417B83   09D2             OR EDX,EDX
00417B85   74 13            JE SHORT FASMW.00417B9A
00417B87   31C0             XOR EAX,EAX
00417B89   D1ED             SHR EBP,1
00417B8B   83D0 00          ADC EAX,0
00417B8E   8D1C82           LEA EBX,DWORD PTR DS:[EDX+EAX*4]
00417B91   09ED             OR EBP,EBP
00417B93  ^75 EC            JNZ SHORT FASMW.00417B81
00417B95   83C3 08          ADD EBX,8
00417B98   F8               CLC
00417B99   C3               RETN
00417B9A   F9               STC
00417B9B   C3               RETN    


[edit] Now with 1.66

Code:
00417D6C   51               PUSH ECX
00417D6D   E8 20000000      CALL FASMW.00417D92
00417D72   72 1B            JB SHORT FASMW.00417D8F
00417D74   8B13             MOV EDX,DWORD PTR DS:[EBX] ;<- Faulty instruction
00417D76   89F3             MOV EBX,ESI
00417D78   09D2             OR EDX,EDX
00417D7A   74 13            JE SHORT FASMW.00417D8F
00417D7C   8B0C24           MOV ECX,DWORD PTR SS:[ESP]
00417D7F   8B7A 04          MOV EDI,DWORD PTR DS:[EDX+4]
00417D82   F3:A6            REPE CMPS BYTE PTR ES:[EDI],BYTE PTR DS:>
00417D84   74 06            JE SHORT FASMW.00417D8C
00417D86   89DE             MOV ESI,EBX
00417D88   8B12             MOV EDX,DWORD PTR DS:[EDX]
00417D8A  ^EB EC            JMP SHORT FASMW.00417D78
00417D8C   59               POP ECX
00417D8D   F8               CLC
00417D8E   C3               RETN
00417D8F   59               POP ECX
00417D90   F9               STC
00417D91   C3               RETN    


Something curious: 0x2020202C also is ",<sp><sp><sp>". Maybe a buffer overflow that overwrites the pointer table?
Post 18 May 2006, 19:22
revolution
Here is another access violation, I think related to the previous
Code:
rept 99{a equ a,a}    
That is the whole file, just 18 bytes as shown; it doesn't matter how much memory your PC has.

As for the disassembly above, that is the hash table walker; clearly the pointer is being clobbered by the strings. Perhaps this simpler example shows where the memory is being errantly written.
Post 19 May 2006, 02:15
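Added example, not code from the thread or from fasm's source: a C model of the diagnostic reasoning in the two posts above. It renders a fault address as the ASCII bytes it is made of (0x2020202C is ",   " in little-endian byte order), walks a symbol list in the node layout the 1.66 listing shows ([edx] = next pointer, [edx+4] = name pointer) but refuses to follow a pointer that looks like text, and reproduces on a raw byte arena how a string overrunning its slot turns an adjacent pointer into 0x20202020. Only the node layout is taken from the listing; the list contents, the arena layout, the pointer value and the "looks like text" heuristic are constructed assumptions, not fasm's real data structures.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Symbol-list node in the layout the 1.66 listing walks:
   [edx] is the next pointer, [edx+4] is the pointer to the name.
   Only this layout comes from the listing; the rest is constructed. */
struct sym {
    struct sym *next;
    const char *name;
};

/* Render a 32-bit fault address as the little-endian bytes x86 stores it as.
   0x2020202C becomes ",   " (0x2C ',' then three 0x20 spaces) and 0x20202020
   becomes "    ". Non-printable bytes show as '.'. Returns a static buffer. */
const char *fault_addr_as_text(uint32_t addr) {
    static char out[5];
    for (int i = 0; i < 4; i++) {
        unsigned b = (addr >> (8 * i)) & 0xFFu;
        out[i] = (b >= 0x20 && b < 0x7F) ? (char)b : '.';
    }
    out[4] = '\0';
    return out;
}

/* Heuristic (an assumption of this example): a 32-bit value whose four bytes
   are all printable ASCII is far more likely to be text that overran into a
   pointer slot than a real pointer. On a 64-bit host genuine pointers do not
   fit in 32 bits, so they are never flagged. */
int pointer_looks_like_text(uintptr_t p) {
    if (p > 0xFFFFFFFFu) return 0;
    for (int i = 0; i < 4; i++) {
        unsigned b = (unsigned)(p >> (8 * i)) & 0xFFu;
        if (b < 0x20 || b >= 0x7F) return 0;
    }
    return 1;
}

/* The loop from the 1.66 listing: follow next pointers, compare names, stop
   at NULL. Unlike the original it checks each pointer before dereferencing it.
   Returns 1 if found, 0 if the list ends, -1 if a clobbered pointer was met
   (its value is stored in *bad when bad is non-NULL). */
int find_symbol(const struct sym *head, const char *name, uintptr_t *bad) {
    for (const struct sym *n = head; n != NULL; n = n->next) {
        if (pointer_looks_like_text((uintptr_t)n)) {
            if (bad) *bad = (uintptr_t)n;
            return -1;
        }
        if (strcmp(n->name, name) == 0) return 1;
    }
    return 0;
}

/* Constructed reproduction of the suspected mechanism on a raw byte arena:
   an 8-byte string slot followed by a 4-byte pointer slot. Filling the string
   slot with 12 spaces overruns into the pointer, which then reads as 0x20202020. */
uint32_t clobber_demo(void) {
    unsigned char arena[12];
    uint32_t ptr = 0x00424000u;            /* arbitrary sane-looking pointer (constructed) */
    memcpy(arena + 8, &ptr, sizeof ptr);
    memset(arena, ' ', 12);                /* the overrun: 12 spaces into an 8-byte slot */
    memcpy(&ptr, arena + 8, sizeof ptr);
    return ptr;
}

/* Constructed two-entry lists: one intact, one whose tail next pointer has
   been overwritten with four spaces instead of NULL. */
static struct sym tail_ok  = { NULL, "ending" };
static struct sym head_ok  = { &tail_ok, "starting" };
static struct sym tail_bad = { (struct sym *)(uintptr_t)0x20202020u, "ending" };
static struct sym head_bad = { &tail_bad, "starting" };

int lookup_intact(const char *name)    { return find_symbol(&head_ok, name, NULL); }
int lookup_clobbered(const char *name) { return find_symbol(&head_bad, name, NULL); }

int main(void) {
    printf("0x2020202C as bytes: \"%s\"\n", fault_addr_as_text(0x2020202Cu));
    printf("pointer after overrun: 0x%08X\n", clobber_demo());
    printf("intact list, \"ending\": %d\n", lookup_intact("ending"));
    printf("clobbered list, \"missing\": %d\n", lookup_clobbered("missing"));
    return 0;
}
```

The check in find_symbol is a debugging aid, not a fix: it turns the fault the posts describe into a reported value, which is the first thing to look at when a crash address decodes to printable characters.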
LocoDelAssembly
With rept 23{a equ a,a} it is enough too. With flat assembler preprocessor version 1.64 both "rept 23{a equ a,a}" and the first code you posted work fine.

PS: Note that if you use an odd number below the required memory you will get an "Out of memory" instead of a crash; for example, 65536 crashes but 65537 does not. Note that there are a lot of odd numbers that don't work anyway, but I didn't find an even number that doesn't crash (of course I didn't test all the possible values).
Post 19 May 2006, 02:49
revolution
Access violation when writing 0x00000011

Another 18 byte source file
Code:
label a at word ax    
Post 19 May 2006, 04:18
Tomasz Grysztar
Joined: 16 Jun 2003, Posts: 7801, Location: Kraków, Poland
I'm forced to do the "silent update" (so far the only one for 1.66). ;) I don't want to start the 1.67 dev. line right now.
Post 19 May 2006, 11:32


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
