authorhpa <hpa>2002-04-18 05:04:44 +0000
committerhpa <hpa>2002-04-18 05:04:44 +0000
commita2d316977bf5a8bfa6b420071a8a6108adc877ee (patch)
tree2e1a1d330692262902aec7b6233854c6cdd74156
parent106e5fabf094b8217aabb5193baccebdf1a51ac9 (diff)
Correct stack corruption problem.syslinux-1.71
-rw-r--r--isolinux.asm27
-rw-r--r--ldlinux.asm27
-rw-r--r--pxelinux.asm27
3 files changed, 39 insertions, 42 deletions
diff --git a/isolinux.asm b/isolinux.asm
index 80f1cf4c..ec0da98b 100644
--- a/isolinux.asm
+++ b/isolinux.asm
@@ -2917,13 +2917,13 @@ load_high:
pop si
call abort_check
- push eax ; Total chunk to transfer
+ push eax ; <A> Total bytes to transfer
cmp eax,(1 << 16) ; Max 64K in one transfer
jna .size_ok
mov eax,(1 << 16)
.size_ok:
xor edx,edx
- push eax ; Bytes transferred this chunk
+ push eax ; <B> Bytes transferred this chunk
movzx ecx,word [ClustSize]
div ecx ; Convert to clusters
; Round up...
@@ -2931,32 +2931,31 @@ load_high:
adc eax,byte 0 ; Add 1 to EAX if CF set
; Now (e)ax contains the number of clusters to get
- push edi
+ push edi ; <C> Target buffer
mov cx,ax
xor bx,bx ; ES:0
call getfssec ; Load the data into xfer_buf_seg
- pop edi
- pop ecx ; Byte count this round
- push ecx
- push edi
+ pop edi ; <C> Target buffer
+ pop ecx ; <B> Byte count this round
+ push ecx ; <B> Byte count this round
+ push edi ; <C> Target buffer
.fix_slop:
test cl,3
jz .noslop
; The last dword fractional - pad with zeroes
; Zero-padding is critical for multi-file initramfs.
- mov bx,cx
- mov byte [es:bx],0
+ mov byte [es:ecx],0
inc ecx
jmp short .fix_slop
.noslop:
shr ecx,2 ; Convert to dwords
- push esi
+ push esi ; <D> File handle/cluster pointer
mov esi,(xfer_buf_seg << 4) ; Source address
call bcopy ; Copy to high memory
- pop esi
- pop edi
- pop ecx
- pop eax
+ pop esi ; <D> File handle/cluster pointer
+ pop edi ; <C> Target buffer
+ pop ecx ; <B> Byte count this round
+ pop eax ; <A> Total bytes to transfer
add edi,ecx
sub eax,ecx
jnz .read_loop ; More to read...
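Review bot: The new `mov byte [es:ecx],0` in `.fix_slop` forms a 32-bit effective address, and nothing at the store says why that is safe. Assuming this runs with ordinary 64K real-mode segment limits, it needs ECX to stay at or below 0FFFFh and ES to still address the transfer buffer after `getfssec` returns. The visible lines support the bound: the chunk is capped at `(1 << 16)`, and a full 64K chunk is dword-aligned, so the loop never executes with ECX at or above 10000h. The removed `mov bx,cx` form wrapped silently at 16 bits, whereas the new form would presumably fault if that cap were ever raised, so the invariant deserves a comment such as `; ECX <= 0FFFFh here (chunk capped at 64K, which is dword-aligned); ES assumed = xfer_buf_seg`. The same store appears in the ldlinux.asm and pxelinux.asm hunks; load_high starts and continues outside this hunk, so the ES assumption should be confirmed against getfssec.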
diff --git a/ldlinux.asm b/ldlinux.asm
index bbade43d..eb3771c4 100644
--- a/ldlinux.asm
+++ b/ldlinux.asm
@@ -2838,13 +2838,13 @@ load_high:
pop si
call abort_check
- push eax ; Total chunk to transfer
+ push eax ; <A> Total bytes to transfer
cmp eax,(1 << 16) ; Max 64K in one transfer
jna .size_ok
mov eax,(1 << 16)
.size_ok:
xor edx,edx
- push eax ; Bytes transferred this chunk
+ push eax ; <B> Bytes transferred this chunk
movzx ecx,word [ClustSize]
div ecx ; Convert to clusters
; Round up...
@@ -2852,32 +2852,31 @@ load_high:
adc eax,byte 0 ; Add 1 to EAX if CF set
; Now (e)ax contains the number of clusters to get
- push edi
+ push edi ; <C> Target buffer
mov cx,ax
xor bx,bx ; ES:0
call getfssec ; Load the data into xfer_buf_seg
- pop edi
- pop ecx ; Byte count this round
- push ecx
- push edi
+ pop edi ; <C> Target buffer
+ pop ecx ; <B> Byte count this round
+ push ecx ; <B> Byte count this round
+ push edi ; <C> Target buffer
.fix_slop:
test cl,3
jz .noslop
; The last dword fractional - pad with zeroes
; Zero-padding is critical for multi-file initramfs.
- mov bx,cx
- mov byte [es:bx],0
+ mov byte [es:ecx],0
inc ecx
jmp short .fix_slop
.noslop:
shr ecx,2 ; Convert to dwords
- push esi
+ push esi ; <D> File handle/cluster pointer
mov esi,(xfer_buf_seg << 4) ; Source address
call bcopy ; Copy to high memory
- pop edi
- pop esi
- pop ecx
- pop eax
+ pop esi ; <D> File handle/cluster pointer
+ pop edi ; <C> Target buffer
+ pop ecx ; <B> Byte count this round
+ pop eax ; <A> Total bytes to transfer
add edi,ecx
sub eax,ecx
jnz .read_loop ; More to read...
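Review bot: This load_high sequence is kept as three hand-maintained copies, and the removed lines show they had already drifted. Here the old code restored `edi` before `esi` after `bcopy`, while the isolinux.asm and pxelinux.asm copies popped them in the opposite order. The `<A>`–`<D>` tags make each push/pop pair easier to audit, but the pairing still has to be checked by eye in three places on every change. Consider moving the shared sequence into a single file pulled in with `%include`, provided each loader's `getfssec` and `bcopy` follow the same register contract, which these hunks do not show. Whether or not that is done, a short header comment on load_high listing the stack layout at `.fix_slop` (`<C>` on top, then `<B>`, then `<A>`) would give the next editor something to compare against.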
diff --git a/pxelinux.asm b/pxelinux.asm
index 3130bdc5..e14846e2 100644
--- a/pxelinux.asm
+++ b/pxelinux.asm
@@ -2649,13 +2649,13 @@ load_high:
pop si
call abort_check
- push eax ; Total chunk to transfer
+ push eax ; <A> Total bytes to transfer
cmp eax,(1 << 16) ; Max 64K in one transfer
jna .size_ok
mov eax,(1 << 16)
.size_ok:
xor edx,edx
- push eax ; Bytes transferred this chunk
+ push eax ; <B> Bytes transferred this chunk
movzx ecx,word [ClustSize]
div ecx ; Convert to clusters
; Round up...
@@ -2663,32 +2663,31 @@ load_high:
adc eax,byte 0 ; Add 1 to EAX if CF set
; Now (e)ax contains the number of clusters to get
- push edi
+ push edi ; <C> Target buffer
mov cx,ax
xor bx,bx ; ES:0
call getfssec ; Load the data into xfer_buf_seg
- pop edi
- pop ecx ; Byte count this round
- push ecx
- push edi
+ pop edi ; <C> Target buffer
+ pop ecx ; <B> Byte count this round
+ push ecx ; <B> Byte count this round
+ push edi ; <C> Target buffer
.fix_slop:
test cl,3
jz .noslop
; The last dword fractional - pad with zeroes
; Zero-padding is critical for multi-file initramfs.
- mov bx,cx
- mov byte [es:bx],0
+ mov byte [es:ecx],0
inc ecx
jmp short .fix_slop
.noslop:
shr ecx,2 ; Convert to dwords
- push esi
+ push esi ; <D> File handle/cluster pointer
mov esi,(xfer_buf_seg << 4) ; Source address
call bcopy ; Copy to high memory
- pop esi
- pop edi
- pop ecx
- pop eax
+ pop esi ; <D> File handle/cluster pointer
+ pop edi ; <C> Target buffer
+ pop ecx ; <B> Byte count this round
+ pop eax ; <A> Total bytes to transfer
add edi,ecx
sub eax,ecx
jnz .read_loop ; More to read...