From d890ced9ef61d35c053a473c02c823513d89a6dd Mon Sep 17 00:00:00 2001
From: snipsnipsnip
Date: Sat, 13 Feb 2016 13:06:53 +0900
Subject: [PATCH] Changes from ldmicro-rel2.3.zip (md5 571062102fc3f9836eb63d6b34896a98)
---
 ldmicro/CHANGES.txt | 6 ++++++
 ldmicro/helpdialog.cpp | 4 ++--
 ldmicro/intcode.cpp | 19 ++++++++++++-------
 ldmicro/iolist.cpp | 9 +++++++++
 4 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/ldmicro/CHANGES.txt b/ldmicro/CHANGES.txt
index c6da43d..61f6755 100644
--- a/ldmicro/CHANGES.txt
+++ b/ldmicro/CHANGES.txt
@@ -1,4 +1,10 @@
+== Release 2.3
+
+ * Fix buffer overrun or write to null pointer if Windows sends an
+ LVN_GETDISPINFO without a valid item.pszText, which happens now
+ under Win10.
+
 == Release 2.2
 * Fix a problem with the ANSI C target when the program had bit and
diff --git a/ldmicro/helpdialog.cpp b/ldmicro/helpdialog.cpp
index 9ac82af..eac2b76 100644
--- a/ldmicro/helpdialog.cpp
+++ b/ldmicro/helpdialog.cpp
@@ -62,8 +62,8 @@ static char *AboutText[] = {
 "",
 " http://cq.cx/ladder.pl",
 "",
-"Copyright 2005-2010 Jonathan Westhues",
-"Release 2.2, built " __TIME__ " " __DATE__ ".",
+"Copyright 2005-2016 Jonathan Westhues",
+"Release 2.3, built " __TIME__ " " __DATE__ ".",
 "",
 "Email: user jwesthues, at host cq.cx",
 "",
diff --git a/ldmicro/intcode.cpp b/ldmicro/intcode.cpp
index 6f1cf15..740daf2 100644
--- a/ldmicro/intcode.cpp
+++ b/ldmicro/intcode.cpp
@@ -891,8 +891,13 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
 // This is a table of characters to transmit, as a function of the
 // sequencer position (though we might have a hole in the middle
- // for the variable output)
- char outputChars[MAX_LOOK_UP_TABLE_LEN];
+ // for the variable output); positive is an unsigned character,
+ // negative is special flag values
+ enum {
+ OUTPUT_DIGIT = -1,
+ OUTPUT_SIGN = -2,
+ };
+ int outputChars[MAX_LOOK_UP_TABLE_LEN];
 BOOL mustDoMinus = FALSE;
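Review bot: Every `outputChars[steps++] = …` store in the -917, -928 and -960 hunks runs without a visible check that `steps` stays below MAX_LOOK_UP_TABLE_LEN, so the `int outputChars[MAX_LOOK_UP_TABLE_LEN]` declared in this hunk still overruns if the formatted-string source has more steps than the table holds; the bound may be enforced earlier in IntCodeFromCircuit, which starts and ends outside these hunks, but nothing in the diff shows it. If it is enforced elsewhere, say so on the declaration, e.g. `// steps is bounded by MAX_LOOK_UP_TABLE_LEN before this table is filled (TODO: confirm where)`; if not, each store needs a guard such as `if(steps >= MAX_LOOK_UP_TABLE_LEN) { /* report the error as the surrounding code does */ return; }`. The `(unsigned char)*p` cast in the -960 hunk is what keeps bytes at or above 0x80 positive on compilers where plain char is signed, so they cannot collide with the negative OUTPUT_DIGIT/OUTPUT_SIGN sentinels; a one-line comment there, `// unsigned so a high-bit byte never equals a negative sentinel`, would stop a future cleanup from dropping the cast. As a point of style, the trailing comma after `OUTPUT_SIGN = -2` is tolerated by MSVC but is not strict C++03.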
@@ -917,7 +922,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
 p++;
 if(*p == '-') {
 mustDoMinus = TRUE;
- outputChars[steps++] = 1;
+ outputChars[steps++] = OUTPUT_SIGN;
 p++;
 }
 if(!isdigit(*p) || (*p - '0') > 5 || *p == '0') {
@@ -928,7 +933,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
 digits = (*p - '0');
 int i;
 for(i = 0; i < digits; i++) {
- outputChars[steps++] = 0;
+ outputChars[steps++] = OUTPUT_DIGIT;
 }
 } else if(*p == '\\') {
 p++;
@@ -960,7 +965,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
 break;
 }
 } else {
- outputChars[steps++] = *p;
+ outputChars[steps++] = (unsigned char)*p;
 }
 if(*p) p++;
 }
@@ -1013,7 +1018,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
 int i;
 int digit = 0;
 for(i = 0; i < steps; i++) {
- if(outputChars[i] == 0) {
+ if(outputChars[i] == OUTPUT_DIGIT) {
 // Note gross hack to work around limit of range for
 // AVR brne op, which is +/- 64 instructions.
 Op(INT_SET_VARIABLE_TO_LITERAL, "$scratch", i);
@@ -1063,7 +1068,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
 Op(INT_END_IF);
 digit++;
- } else if(outputChars[i] == 1) {
+ } else if(outputChars[i] == OUTPUT_SIGN) {
 // do the minus; ugliness to get around the BRNE jump
 // size limit, though
 Op(INT_SET_VARIABLE_TO_LITERAL, "$scratch", i);
diff --git a/ldmicro/iolist.cpp b/ldmicro/iolist.cpp
index 15b89c8..f4eb28e 100644
--- a/ldmicro/iolist.cpp
+++ b/ldmicro/iolist.cpp
@@ -772,6 +772,15 @@ void IoListProc(NMHDR *h)
 switch(h->code) {
 case LVN_GETDISPINFO: {
 NMLVDISPINFO *i = (NMLVDISPINFO *)h;
+ if(!((i->item.mask & LVIF_TEXT) &&
+ (i->item.pszText) &&
+ (i->item.cchTextMax > 200)))
+ {
+ // This test didn't used to be present, and Windows 10 now
+ // sends an LVN_GETDISPINFO that fails it, which would
+ // otherwise cause us to write to a null pointer.
+ break;
+ }
 int item = i->item.iItem;
 switch(i->item.iSubItem) {
 case LV_IO_PIN:
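Review bot: The `cchTextMax > 200` guard in the iolist.cpp hunk hard-codes a limit that has to match the longest text the LV_IO_* cases below copy into `pszText`, and those writes are outside the hunk, so a case that later formats more than 200 characters would silently reintroduce the overrun the changelog says this release fixes. Naming the number next to the buffer size those cases assume, e.g. `enum { IO_LIST_TEXT_MAX = 200 };`, at least ties the two together; bounding each write by `i->item.cchTextMax` instead (for example `_snprintf(i->item.pszText, i->item.cchTextMax - 1, "%s", …)` followed by an explicit terminator, since `_snprintf` does not NUL-terminate on truncation) removes the dependency on a fixed size altogether. The LVIF_TEXT and null checks are correct and ordered so the pointer is only read when the text is actually requested. The comment only mentions the null pointer; it would be more precise as `// ... which would otherwise cause us to write to a null pointer or past the end of a short buffer.`, and "didn't used to" should read "didn't use to". IoListProc continues outside the hunk.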