An error occurred while loading some code images,
resulting in stack and heap corruption. Investigation
showed unchecked size fields that were read as too
long (0xFFAC instead of 0x00AC).
The reason was that in mem_getWord, two bytes are read
from memory into S8 (signed char) variables and
combined using an "or" operator, which resulted in the
low byte being interpreted as a signed value whose sign
is propagated to the resulting S16 value.
This seems to be a regression from Release 01 where
the two bytes are read out into U8 variables.
The patch below fixes the problem in Release 02.
It should be noted that using signed variables in
memory operations without semantic information in the
variables is questionable in all places, not only
here. E.g. is it wise to return S8 from mem_getByte
etc.? Should the pointers be replaced by P_U8?
Philipp
--- src/vm/mem.c (revision 22)
+++ src/vm/mem.c (working copy)
@@ -91,13 +91,13 @@
INLINE
-S16
+U16
mem_getWord(PyMemSpace_t memspace, P_S8 *paddr)
{
/* PyMite is little endien; get lo byte first */
- S8 blo = mem_getByte(memspace, paddr);
- S8 bhi = mem_getByte(memspace, paddr);
- return (S16)(blo | (bhi << 8));
+ U8 blo = mem_getByte(memspace, paddr);
+ U8 bhi = mem_getByte(memspace, paddr);
+ return (U16)(blo | (bhi << 8));
}
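Review bot: the return type goes from S16 to U16 here while mem_getByte still returns S8 and paddr stays P_S8, so this hunk only fixes the one site; before applying it, check every caller of mem_getWord that assigns the result to an S16 or compares it as signed, since a value such as 0x80xx now converts differently than before. The local `U8 blo`/`U8 bhi` assignments themselves are fine (the S8 from mem_getByte converts to U8 modulo 256, and `bhi << 8` is promoted to int before the OR), so the remaining cleanup is the mem_getByte/P_S8 question already raised in the mail. While these lines are being touched, the comment "PyMite is little endien" should read "endian".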
--- src/vm/mem.h (revision 21)
+++ src/vm/mem.h (working copy)
@@ -85,7 +85,7 @@
* @return word from memory.
* addr - points one byte past the word
*/
-INLINE S16 mem_getWord(PyMemSpace_t memspace, P_S8
*paddr);
+INLINE U16 mem_getWord(PyMemSpace_t memspace, P_S8
*paddr);
/**
* Copy count number of bytes
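Review bot: the doc comment above the prototype still says only `* @return word from memory.` although the return type becomes U16; add that the word is returned unsigned so callers needing a signed 16-bit value know to cast explicitly. Also, mem.h is diffed against revision 21 while mem.c is against revision 22; regenerate the patch from one working-copy revision so both files apply cleanly together.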
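To make the sign-extension mechanism described above concrete, here is an added C example (not PyMite code and not part of the original mail). It uses stdint types in place of the project's S8/U8/U16 typedefs; the functions get_word_signed, get_word_unsigned and image_len_ok, and the sample_image buffer, are constructed for this illustration. The buggy reader mirrors the Release 02 behaviour, the fixed reader mirrors the patch, and the length check shows why a sign-extended size field walks the loader off the end of the image:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a hypothetical code image whose first two bytes are a
 * little-endian size field of 0x00AC (172). Remaining bytes are zero. */
#define SAMPLE_IMAGE_LEN 256
static const uint8_t sample_image[SAMPLE_IMAGE_LEN] = { 0xAC, 0x00 };

/* Buggy reader (Release 02 behaviour): both bytes land in signed chars before
 * the OR. blo = (int8_t)0xAC = -84 is promoted to int 0xFFFFFFAC, so OR-ing in
 * the high byte cannot clear the upper bits and the result is 0xFFAC. */
uint16_t get_word_signed(const uint8_t *p)
{
    int8_t blo = (int8_t)p[0];
    int8_t bhi = (int8_t)p[1];
    return (uint16_t)(blo | (bhi << 8));
}

/* Fixed reader (what the patch does): unsigned bytes, no sign extension, so
 * 0xAC, 0x00 yields 0x00AC. */
uint16_t get_word_unsigned(const uint8_t *p)
{
    uint8_t blo = p[0];
    uint8_t bhi = p[1];
    return (uint16_t)(blo | (bhi << 8));
}

/* Hypothetical loader bounds check: can `len` bytes starting at `offset` be
 * read from an image of `image_len` bytes? Returns 1 if yes, 0 if not.
 * Written without offset + len so it cannot itself overflow. */
int image_len_ok(size_t image_len, size_t offset, uint16_t len)
{
    return offset <= image_len && (size_t)len <= image_len - offset;
}

int main(void)
{
    uint16_t bad  = get_word_signed(sample_image);
    uint16_t good = get_word_unsigned(sample_image);

    /* The payload follows the 2-byte size field at offset 2. */
    printf("signed bytes:   size 0x%04X -> %s\n", bad,
           image_len_ok(SAMPLE_IMAGE_LEN, 2, bad) ? "fits" : "exceeds image");
    printf("unsigned bytes: size 0x%04X -> %s\n", good,
           image_len_ok(SAMPLE_IMAGE_LEN, 2, good) ? "fits" : "exceeds image");
    return 0;
}
```

The bug bites whenever the low byte has its top bit set, regardless of the high byte: for the bytes 0xAC, 0x01 the signed version still returns 0xFFAC where 0x01AC was meant, because the OR can only add bits to the already sign-extended low byte. Any loader that trusts such a size without a check like image_len_ok then copies tens of kilobytes past the real image.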