From adf023bf8600be0a097b4b2dad56ab3c488994b3 Mon Sep 17 00:00:00 2001 From: Rick Murphy Date: Fri, 7 Jan 2022 10:39:14 -0800 Subject: [PATCH] PDP8: Fix crash when using EP multiply When performing floating point multiplication, the prior code overwrote an additional word of the floating point fraction with zeros. This is harmless with standard FP, as the floating variables always have space for EP-length vars. When doing an EP multiply, this causes a word on the stack to be zeroed. For the latest Raspbian release, this causes a segfault as there's no padding past that var on the stack. This fix, which has been tested against the original crashing code plus validated using the FPP-8 diagnostics, avoids the overwrite. --- PDP8/pdp8_fpp.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/PDP8/pdp8_fpp.c b/PDP8/pdp8_fpp.c index 14a30919..d937635f 100644 --- a/PDP8/pdp8_fpp.c +++ b/PDP8/pdp8_fpp.c @@ -25,6 +25,8 @@ fpp FPP8A floating point processor + 05-Jan-22 RHM Fix fencepost error in FP multiply for extended + precision 21-Oct-21 RMS Added device number display 03-Jan-10 RMS Initialized variables statically, for VMS compiler 19-Apr-09 RHM FPICL does not clear all command and status reg bits @@ -1182,7 +1184,8 @@ for (i = 0; i < cnt; i++) { wc++; /* do another word */ lo--; /* and next mpyr word */ fpp_fr_algn (c, 24, wc + 1); - c[wc] = 0; + if (wc < FPN_NFR_MDS) /* don't assume guard word */ + c[wc] = 0; c[0] = c[1] = fill; /* propagate sign */ } if (b[lo] & FPN_FRSIGN) /* mpyr bit set? */ @@ -1372,7 +1375,8 @@ if (sc >= (cnt * 12)) { /* out of range? */ } while (sc >= 12) { for (i = cnt - 1; i > 0; i--) - a[i] = a[i - 1]; + if (i <= FPN_NFR_MDS) /* Don't overwrite if EP */ + a[i] = a[i - 1]; a[0] = sign; sc = sc - 12; }
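Review bot: The guard added in the `@@ -1182,7 +1184,8 @@` hunk tests `wc < FPN_NFR_MDS`, while the guard added in the `@@ -1372,7 +1375,8 @@` hunk tests `i <= FPN_NFR_MDS`, so the two checks disagree by one on the highest index that may be written. The commit message attributes the crash to a single extra word being zeroed, so an off-by-one in either direction matters here; please state the declared length of the fraction array in a comment beside one of the checks and make both comparisons follow from it. The call `fpp_fr_algn (c, 24, wc + 1)` on the line above is still made with a count of `wc + 1` regardless of the new guard, so it is worth confirming that this call cannot touch the word the guard now protects.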
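Review bot: In the `@@ -1372,7 +1375,8 @@` hunk the test `i <= FPN_NFR_MDS` is re-evaluated on every pass of the `for` loop although the bound never changes, and it silently skips the out-of-range words instead of making an oversized `cnt` visible. Consider starting the loop at the smaller of `cnt - 1` and `FPN_NFR_MDS` so the limit appears once, at the top of the loop. The comment reads "Don't overwrite if EP", but the condition checks an array bound rather than the precision mode; wording that names the bound would match the code. The `if` nested under an unbraced `for` is also easy to misread, and braces on the `for` would make the scope explicit.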