[comp.sys.amiga.programmer] expansion.library bug

dave@csis.dit.csiro.au (David Campbell) (01/28/91)

Here is a bug in the expansion library function AllocExpansionMem of
version 1.3 of AmigaOS.  In version 2.x it is changed but not
corrected properly (as far as I can see).

The problem is that first d2-d3 are pushed but on an error condition,
a2-a3 are popped off where d2-d3 should be popped.  It's just
an incorrect branch which results in d2,d3,a2,a3 being corrupted!

00FC4F20 48E7 3000              movem.l d2-d3,-(sp)	<---- pushes d2-d3
00FC4F24 2400                   move.l  d0,d2
00FC4F26 2601                   move.l  d1,d3
00FC4F28 D081                   add.l   d1,d0
00FC4F2A 0C80 00000100          cmpi.l  #$000100,d0
00FC4F30 6238                   bhi.s   $FC4F6A		<---- error condition
00FC4F32 0C42 0007              cmpi.w  #$0007,d2             too many slots
00FC4F36 621C                   bhi.s   $FC4F54		      requested
00FC4F38 223C 000000F0          move.l  #$0000F0,d1
00FC4F3E 203C 000000E8          move.l  #$0000E8,d0
00FC4F44 41EE 0058              lea     $58(a6),a0
00FC4F48 6100 0024              bsr     $FC4F6E
00FC4F4C 0C80 FFFFFFFF          cmpi.l  #$FFFFFFFF,d0
00FC4F52 6610                   bne.s   $FC4F64
00FC4F54 223C 00000100          move.l  #$000100,d1
00FC4F5A 2003                   move.l  d3,d0
00FC4F5C 41EE 0058              lea     $58(a6),a0
00FC4F60 6100 000C              bsr     $FC4F6E
00FC4F64 4CDF 000C              movem.l (sp)+,d2-d3
00FC4F68 4E75                   rts

; As far as I can see, in AmigaOS 2.x the next two instructions become
; completely unused.  Instead immediately following these instructions,
; something is done with some private data in expansionbase.

00FC4F6A 70FF                   moveq   #-$01,d0	<---- error = -1
00FC4F6C 6038                   bra.s   $FC4FA6		<---- pop em
								|
; The branch above should be to $fc4f64				|
								|
00FC4F6E 48E7 0030              movem.l a2-a3,-(sp)		|
00FC4F72 45F0 0800              lea     $00(a0,d0.l),a2		|
00FC4F76 47F0 1800              lea     $00(a0,d1.l),a3		V
00FC4F7A 6002                   bra.s   $FC4F7E
00FC4F7C D5C2                   adda.l  d2,a2
00FC4F7E B7CA                   cmpa.l  a2,a3
00FC4F80 6322                   bls.s   $FC4FA4
00FC4F82 224A                   movea.l a2,a1
00FC4F84 2202                   move.l  d2,d1
00FC4F86 5381                   subq.l  #1,d1
00FC4F88 4A19                   tst.b   (a1)+
00FC4F8A 57C9 FFFC              dbeq    d1,$FC4F88
00FC4F8E 67EC                   beq.s   $FC4F7C
00FC4F90 7000                   moveq   #$00,d0
00FC4F92 2202                   move.l  d2,d1
00FC4F94 224A                   movea.l a2,a1
00FC4F96 6002                   bra.s   $FC4F9A
00FC4F98 12C0                   move.b  d0,(a1)+
00FC4F9A 51C9 FFFC              dbf     d1,$FC4F98
00FC4F9E 95C8                   suba.l  a0,a2
00FC4FA0 200A                   move.l  a2,d0
00FC4FA2 6002                   bra.s   $FC4FA6
00FC4FA4 70FF                   moveq   #-$01,d0
00FC4FA6 4CDF 0C00              movem.l (sp)+,a2-a3	<---- pops a2-a3 wrong!
00FC4FAA 4E75                   rts

Dave Campbell
dave@csis.dit.csiro.au
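An added illustration, not code from the original post: a small 68000 register-file model in C of the $FC4F20..$FC4F6C prologue and error path, with the epilogue selectable between the `movem.l (sp)+,a2-a3` that the misdirected `bra.s $FC4FA6` actually reaches and the `movem.l (sp)+,d2-d3` at $FC4F64 it should reach. It shows concretely what the caller sees: both movem pairs are 8 bytes, so sp comes back balanced, but d2/d3 keep the copies of d0/d1 and a2/a3 receive the caller's saved d2/d3. The register values, the toy stack, and the `callee_saved_preserved` check (the Amiga convention that d2-d7/a2-a6 survive a library call) are assumptions of this model; the success path's slot scan at $FC4F6E is deliberately not modelled.

```c
/* Added example, not from the original post: a toy 68000 register-file
 * model of the AllocExpansionMem error path under AmigaOS 1.3, used to
 * show what the misdirected "bra.s $FC4FA6" does to the caller's registers.
 * The success path (slot scan via bsr $FC4F6E) is not modelled. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_WORDS 64

typedef struct {
    uint32_t d[8];               /* d0-d7 */
    uint32_t a[8];               /* a0-a7; a7 is sp */
    uint32_t mem[STACK_WORDS];   /* toy stack, longword granularity (assumed) */
} Cpu;

typedef enum { EPILOGUE_POP_D2_D3, EPILOGUE_POP_A2_A3 } Epilogue;

static void cpu_init(Cpu *c)
{
    memset(c, 0, sizeof *c);
    c->a[7] = STACK_WORDS * 4;   /* sp starts at the top of the toy stack */
}

/* movem.l rX-rY,-(sp) for a two-register pair: sp -= 8, lower-numbered
 * register at the lower address, as the 68000 lays it out. */
static void movem_push2(Cpu *c, uint32_t lo, uint32_t hi)
{
    c->a[7] -= 8;
    c->mem[c->a[7] / 4]     = lo;
    c->mem[c->a[7] / 4 + 1] = hi;
}

/* movem.l (sp)+,rX-rY for a two-register pair. */
static void movem_pop2(Cpu *c, uint32_t *lo, uint32_t *hi)
{
    *lo = c->mem[c->a[7] / 4];
    *hi = c->mem[c->a[7] / 4 + 1];
    c->a[7] += 8;
}

/* Model of $FC4F20..$FC4F6C.  d0 = first slot, d1 = slot count.
 * Returns the value left in d0 (-1 on the error path). */
static int32_t alloc_expansion_mem_model(Cpu *c, uint32_t d0, uint32_t d1, Epilogue ep)
{
    c->d[0] = d0;
    c->d[1] = d1;
    movem_push2(c, c->d[2], c->d[3]);        /* movem.l d2-d3,-(sp) */
    c->d[2] = c->d[0];                       /* move.l  d0,d2 */
    c->d[3] = c->d[1];                       /* move.l  d1,d3 */
    c->d[0] += c->d[1];                      /* add.l   d1,d0 */
    if (c->d[0] > 0x100) {                   /* cmpi.l #$100,d0 / bhi.s $FC4F6A (unsigned) */
        c->d[0] = (uint32_t)-1;              /* moveq   #-1,d0 */
        if (ep == EPILOGUE_POP_A2_A3)
            movem_pop2(c, &c->a[2], &c->a[3]);   /* 1.3: bra.s $FC4FA6 -> movem.l (sp)+,a2-a3 */
        else
            movem_pop2(c, &c->d[2], &c->d[3]);   /* intended: bra.s $FC4F64 -> movem.l (sp)+,d2-d3 */
        return (int32_t)c->d[0];             /* rts */
    }
    /* Success path not modelled: it ends at $FC4F64 with the correct pop,
     * so only that restore is reproduced here and 0 is returned. */
    movem_pop2(c, &c->d[2], &c->d[3]);
    c->d[0] = 0;
    return 0;
}

/* Caller-side contract check (assumed Amiga convention): d2-d7 and a2-a6
 * survive the call and sp is back where it was.  Returns 1 if kept. */
static int callee_saved_preserved(const Cpu *before, const Cpu *after)
{
    for (int i = 2; i < 8; i++)
        if (before->d[i] != after->d[i]) return 0;
    for (int i = 2; i < 7; i++)
        if (before->a[i] != after->a[i]) return 0;
    return before->a[7] == after->a[7];
}

/* Drive the error path (0xF8 + 0x10 = 0x108 > 0x100) with constructed
 * caller register values and leave the resulting state in *after. */
static int32_t run_error_path(Epilogue ep, Cpu *before, Cpu *after)
{
    cpu_init(before);
    before->d[2] = 0x11111111; before->d[3] = 0x22222222;   /* caller's live data regs */
    before->a[2] = 0x33333333; before->a[3] = 0x44444444;   /* caller's live addr regs */
    *after = *before;
    return alloc_expansion_mem_model(after, 0xF8, 0x10, ep);
}

/* 1 if the error path returned -1 and honoured the register contract. */
static int error_path_preserves_registers(Epilogue ep)
{
    Cpu before, after;
    int32_t rc = run_error_path(ep, &before, &after);
    return rc == -1 && callee_saved_preserved(&before, &after);
}

/* Value of register d<idx> ('d') or a<idx> ('a') after the error path. */
static uint32_t reg_after_error_path(Epilogue ep, char bank, int idx)
{
    Cpu before, after;
    run_error_path(ep, &before, &after);
    return bank == 'd' ? after.d[idx] : after.a[idx];
}

int main(void)
{
    printf("intended epilogue keeps caller registers: %d\n",
           error_path_preserves_registers(EPILOGUE_POP_D2_D3));
    printf("1.3 epilogue keeps caller registers:      %d\n",
           error_path_preserves_registers(EPILOGUE_POP_A2_A3));
    printf("1.3: d2=%08x d3=%08x a2=%08x a3=%08x\n",
           reg_after_error_path(EPILOGUE_POP_A2_A3, 'd', 2),
           reg_after_error_path(EPILOGUE_POP_A2_A3, 'd', 3),
           reg_after_error_path(EPILOGUE_POP_A2_A3, 'a', 2),
           reg_after_error_path(EPILOGUE_POP_A2_A3, 'a', 3));
    return 0;
}
```

The model makes the failure mode explicit: because the wrong movem pops the same 8 bytes, nothing in the stack pointer betrays the bug, so a caller compiled against the usual register-preservation rules silently continues with d2/d3 holding the slot arguments and a2/a3 holding its own old d2/d3 values. Checking callee-saved registers around a suspect call, as `callee_saved_preserved` does here, is the kind of test that catches this class of epilogue mistake.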