#2 Bug in Pos_JOH_IA32_6, PosEx_JOH_IA32_7 and PosEx_JOH_IA32_8.

Milestone: v1.0 (example)
Status: open
Owner: nobody
Labels: Bug (1)
Priority: 5
Updated: 2017-04-18
Created: 2017-04-18
Creator: Egon Elbre
Private: No

Apparently we've stumbled on a bug in Pos_JOH_IA32_6, PosEx_JOH_IA32_7 and PosEx_JOH_IA32_8. (Using Delphi 7).

Simplest case that can demonstrate the problem:

program PosTestCase;

uses
  FastMM4,
  SysUtils,
  FastcodePosExUnit,
  FastcodePosUnit;

var
  S: String;
  X: Integer;
begin
  // Watch the edx and esi registers around this point in each of the functions:
  // @@MainLoop:
  //   add     edx, 4
  //   cmp     edx, esi
  //   ...
  S := 'aaa'#0;
  X := Pos_JOH_IA32_6('e'#0, S);
  X := PosEx_JOH_IA32_7('e'#0, S, 1);
  X := PosEx_JOH_IA32_8('e'#0, S, 1);
end.

The search switches between @@MainLoop and @@Remainder, eventually searching past S.

Important bits:
1. S must be followed by #0
2. A crash will occur if the memory past the #0 is unallocated or protected. Unfortunately we weren't able to make a simplified crashing case, but it should be trivial to see that it can happen.

This example does not crash unless you manage to allocate S near a memory boundary.
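As an added check that is not part of the original report: a Delphi 7 / Win32 harness that places S directly against a guard page, so any read past its terminator faults deterministically instead of depending on what happens to sit after S. It assumes the unit and function names exactly as in the report, and the Delphi 7 AnsiString layout (refCnt and Length in the 8 bytes before the data, a #0 after it).

```pascal
program PosGuardPage;
{$APPTYPE CONSOLE}
uses
  Windows, SysUtils, FastcodePosUnit, FastcodePosExUnit;

function CallPos(Variant: Integer; const SubStr, S: string): Integer;
begin
  case Variant of
    6: Result := Pos_JOH_IA32_6(SubStr, S);
    7: Result := PosEx_JOH_IA32_7(SubStr, S, 1);
  else Result := PosEx_JOH_IA32_8(SubStr, S, 1);
  end;
end;

// A read past the end of S hits the PAGE_NOACCESS page and raises EAccessViolation.
procedure Probe(Variant: Integer; const SubStr, S: string);
begin
  try
    Writeln('variant ', Variant, ': returned ', CallPos(Variant, SubStr, S), ', stayed inside S');
  except
    on EAccessViolation do Writeln('variant ', Variant, ': read past the end of S');
  end;
end;

var
  SI: TSystemInfo;
  Base, Data: PChar;
  Old: DWORD;
  S: string;
begin
  GetSystemInfo(SI);
  Base := VirtualAlloc(nil, 2 * SI.dwPageSize, MEM_RESERVE or MEM_COMMIT, PAGE_READWRITE);
  if Base = nil then RaiseLastOSError;
  // Page 2 becomes the guard page; page 1 holds the string, zero-filled by VirtualAlloc.
  if not VirtualProtect(Base + SI.dwPageSize, SI.dwPageSize, PAGE_NOACCESS, Old) then
    RaiseLastOSError;
  // Hand-build the AnsiString 'aaa'#0 so its RTL terminator is the last byte of page 1:
  //   [refCnt = -1][Length = 4]['a' 'a' 'a' #0][#0] | guard page
  // refCnt = -1 marks a constant string, so the RTL never tries to free it.
  Data := Base + SI.dwPageSize - 5;
  PLongint(Data - 8)^ := -1;
  PLongint(Data - 4)^ := 4;
  StrCopy(Data, 'aaa');           // 'a','a','a',#0; Data[4] is already #0
  Pointer(S) := Data;             // reinterpret in place: no copy, no refcount change
  Probe(6, 'e'#0, S);
  Probe(7, 'e'#0, S);
  Probe(8, 'e'#0, S);
  Pointer(S) := nil;              // detach before the pages are released
  VirtualFree(Base, 0, MEM_RELEASE);
end.
```

Because the string's terminator is the last byte of the page, a routine that only over-reads within its own aligned dword never faults; a fault here means the search really walked past S.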
