ajw@donk.UUCP (ajw) (08/30/88)
Sorry if you've seen this before - I don't think my last
posting got out, but could be wrong. Anyway, here are
two nasties:
1) This LARGE MODEL program fails if compiled with any level of
optimization - the only way to get it to work is
to use the -Od switch.
Optimization causes 'case 0' code to be branched
to by the second half ("else" clause) of 'case 6'.
In 'case 0', the assumption is made that ES contains
SEG_tds. However, 'case 6' destroys ES in clobber_es().
When we then branch to share 'case 0' code, i is
loaded from the wrong data segment.
Microsoft looking at bug.
****************************************
#include <stdio.h>

int clobber_es(void);

int tds[100];
int diff_data_seg[32765] = {911};   /* large enough to land in a second data segment */

int main(void)
{
    int i, j;

    j = 0;
    tds[0] = 6;
    switch (tds[0])
    {
    case 1:
        i = tds[0];
        j = 0;
        break;
    case 2:
        i = 2;
        break;
    case 3:
        i = 3;
        break;
    case 4:
        i = 4;
        break;
    case 5:
        i = 5;
        break;
    case 6:
        clobber_es();       /* touches the other segment, so ES no longer points at tds */
        if (j != 0)
            i = 666;
        else
        {
            i = tds[0];     /* optimizer branches here into the shared tail of an earlier case */
            j = 0;
        }
        break;
    case 7:
        i = 7;
        break;
    }
    printf("i=%d, should be 6\n", i);
    return 0;
}

int clobber_es(void)
{
    return diff_data_seg[0];
}
****************************************
2) Following LARGE MODEL program fails if loop optimization
is in effect.
In long_to_char(), to prepare for the loop, the
following instruction is generated:
lds si,DWORD PTR [bp+10] ; out
But now, DS and SS are not the same, and when __aFNaulshr
tries to pick up its parameter with the sequence:
mov bx,[bp+6]
mov ax,[bx]
mov dx,[bx+2]
a wild longword is accessed and shifted.
Microsoft acknowledge the bug -- "fixed next release".
****************************************
#include <stdio.h>

void long_to_char(unsigned long in, char out[]);

char outarray[65530];
long inlong[16000];

int main(void)
{
    inlong[0] = 50462976L;      /* 0x03020100 */
    long_to_char((unsigned long)inlong[0], outarray);
    printf("outarray=%02x,%02x,%02x,%02x should be 00,01,02,03\n",
           outarray[0],
           outarray[1],
           outarray[2],
           outarray[3]);
    return 0;
}

void long_to_char(unsigned long in, char out[])
{
    int i;

    /* with loop optimization the 'out' pointer is loaded via lds, leaving DS != SS */
    for (i = 0; i < 4; i++)
    {
        out[i] = (char)(in & 0xff);   /* low byte first */
        in >>= 8;                     /* goes through __aFNaulshr in large model */
    }
}
-- Alan Waldock ...uunet!littlei!ihf1!mdt!ajw ajw@mdt.hf.intel.com
Opinions individual author's. Read before breaking seal. No warranty implied.
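Added example, not part of Alan's post: a portable regression harness for the two code shapes reported above, meant to be compiled once per optimization level (-Od, -O1, ... or your compiler's equivalents) and checked by exit status rather than by reading printf output by eye. The function names check_shared_case_code(), check_long_to_char(), long_to_bytes() and touch_other_data() are my own. The volatile qualifiers are the design point: without them a modern compiler folds the switch selector and the sample value at compile time, and the test stops exercising the code-generation path it is supposed to cover.

```c
/* Added example (not from the original post): a portable regression
 * harness for the two miscompilation patterns reported above.  Function
 * names are hypothetical.  Each check returns 1 on pass and 0 on fail,
 * and main() turns that into an exit status for a build script. */
#include <stdio.h>
#include <string.h>

/* volatile stops constant folding, so the switch and the shift loop are
 * really emitted instead of being evaluated at compile time. */
static volatile int selector = 6;
static volatile unsigned long sample = 50462976UL;   /* 0x03020100, as in the post */
static int other_data[8] = {911};                   /* stand-in for diff_data_seg */

/* Stand-in for clobber_es(): a call that touches another data object
 * between the switch dispatch and the shared tail of the case. */
static int touch_other_data(void)
{
    return other_data[0];
}

/* Pattern 1: two cases whose tails an optimizer may merge.  The result
 * must be the selector value (6), read from the right object. */
int check_shared_case_code(void)
{
    int i = -1, j = 0;
    int tds0 = selector;

    switch (tds0) {
    case 1:
        i = tds0;
        j = 0;
        break;
    case 2:
        i = 2;
        break;
    case 6:
        (void)touch_other_data();
        if (j != 0)
            i = 666;
        else {
            i = tds0;      /* same tail as case 1: the shape the post describes */
            j = 0;
        }
        break;
    }
    return i == 6 && j == 0;
}

/* Pattern 2: split an unsigned long into little-endian bytes with a
 * shift loop, the shape that went through __aFNaulshr in large model. */
void long_to_bytes(unsigned long in, unsigned char out[4])
{
    int i;
    for (i = 0; i < 4; i++) {
        out[i] = (unsigned char)(in & 0xffUL);
        in >>= 8;
    }
}

int check_long_to_char(void)
{
    static const unsigned char expect[4] = {0x00, 0x01, 0x02, 0x03};
    unsigned char got[4];

    long_to_bytes(sample, got);
    return memcmp(got, expect, sizeof got) == 0;
}

int main(void)
{
    int ok1 = check_shared_case_code();
    int ok2 = check_long_to_char();

    printf("shared case tail: %s\n", ok1 ? "ok" : "FAIL");
    printf("long_to_char:     %s\n", ok2 ? "ok" : "FAIL");
    return (ok1 && ok2) ? 0 : 1;   /* non-zero exit flags a miscompile */
}
```

Run it from a build script for each optimization setting and fail the build on a non-zero exit; comparing the generated assembly of the two checks across settings is the quickest way to locate where a merged case tail or a segment-register load went wrong.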