
Commit f7546e6

authored
Bugfix #560: false positive crash on out-of-bounds memory writes (#561)
1 parent 74c212e commit f7546e6


1 file changed

+13
-12
lines changed


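--- a/simavr/sim/sim_core.c
+++ b/simavr/sim/sim_core.c
@@ -227,17 +227,15 @@ void _call_sram_irqs(avr_t *avr, uint16_t addr) {
 void avr_core_watch_write(avr_t *avr, uint16_t addr, uint8_t v)
 {
 if (addr > avr->ramend) {
+uint16_t ramstart = avr->ioend + 1;
+uint16_t ramsize = avr->ramend - ramstart + 1;
+uint16_t wrapped_addr = ramstart + ((addr - ramstart) % ramsize);
 AVR_LOG(avr, LOG_WARNING,
 "CORE: *** Wrapping write address "
-"PC=%04x SP=%04x O=%04x v=%02x Address %04x %% %04x --> %04x\n",
-avr->pc, _avr_sp_get(avr), _avr_flash_read16le(avr, avr->pc), v, addr, (avr->ramend + 1), addr % (avr->ramend + 1));
-addr = addr % (avr->ramend + 1);
-}
-if (addr < 32) {
-AVR_LOG(avr, LOG_ERROR,
-"%sCORE: *** Invalid write address PC=%04x SP=%04x O=%04x Address %04x=%02x low registers%s\n",
-simavr_font.red, avr->pc, _avr_sp_get(avr), _avr_flash_read16le(avr, avr->pc), addr, v, simavr_font.normal);
-crash(avr);
+"PC=%04x SP=%04x O=%04x Address %04x --> %04x (ramstart=%04x, ramend=%04x)\n",
+avr->pc, _avr_sp_get(avr), _avr_flash_read16le(avr, avr->pc),
+addr, wrapped_addr, ramstart, avr->ramend);
+addr = wrapped_addr;
 }
 #if AVR_STACK_WATCH
 /*
@@ -264,12 +262,15 @@ void avr_core_watch_write(avr_t *avr, uint16_t addr, uint8_t v)
 uint8_t avr_core_watch_read(avr_t *avr, uint16_t addr)
 {
 if (addr > avr->ramend) {
+uint16_t ramstart = avr->ioend + 1;
+uint16_t ramsize = avr->ramend - ramstart + 1;
+uint16_t wrapped_addr = ramstart + ((addr - ramstart) % ramsize);
 AVR_LOG(avr, LOG_WARNING,
 "CORE: *** Wrapping read address "
-"PC=%04x SP=%04x O=%04x Address %04x %% %04x --> %04x\n",
+"PC=%04x SP=%04x O=%04x Address %04x --> %04x (ramstart=%04x, ramend=%04x)\n",
 avr->pc, _avr_sp_get(avr), _avr_flash_read16le(avr, avr->pc),
-addr, (avr->ramend + 1), addr % (avr->ramend + 1));
-addr = addr % (avr->ramend + 1);
+addr, wrapped_addr, ramstart, avr->ramend);
+addr = wrapped_addr;
 }
 
 if (avr->gdb) {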
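Review bot: `ramsize` is zero when `avr->ramend == avr->ioend`, so the `% ramsize` added in both `avr_core_watch_write` and `avr_core_watch_read` is a division by zero on a core configured without SRAM; whether such a core exists in the tree I can't tell from this page, but a guest out-of-bounds access there would take down the simulator host process instead of being wrapped and logged. The three wrap lines are duplicated verbatim in both functions, so I'd move them into one static helper that carries the guard and a comment stating the mirroring assumption (`ioend < ramend`), as sketched below, with each call site reduced to `uint16_t wrapped_addr = _avr_wrap_sram_addr(avr, addr);`. Separately, the write-side warning format dropped the `v=%02x` field the old format carried, so the value being written is missing from the only trace that remains of an out-of-bounds write now that the crash is gone; I'd keep `v` in the message. Both functions continue past their hunks.
```c
/* Mirror an address above ramend back into SRAM (ramstart..ramend),
 * as the old "% (ramend + 1)" did but without landing in the register
 * or I/O space. Assumes ioend < ramend; a core with no SRAM has nothing
 * to mirror into, so the address is returned unchanged rather than
 * dividing by zero. */
static uint16_t
_avr_wrap_sram_addr(const avr_t *avr, uint16_t addr)
{
	uint16_t ramstart = avr->ioend + 1;
	uint16_t ramsize = avr->ramend - ramstart + 1;

	if (ramsize == 0)
		return addr;
	return ramstart + ((addr - ramstart) % ramsize);
}
```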
