On Saturday, June 24, 2023 at 11:55:00 PM UTC+8, Tavis Ormandy wrote:

Hi Tavis. Thanks for your reply.
Correct.
Ok, thanks for the analysis. I thought I might have been doing
something that was fundamentally and obviously wrong by
having ss != ds, and the lea showed that up.

A piece of information I forgot to give was that making the
buffer static (so referenced by ds instead of ss), made the
problem go away.

So now that no-one is aware of anything that is obviously
wrong, I thought of a way of getting more information by
creating a second set of dump functions, one of them using
"static".

Here is what I see when I use the static version, and the
new debug shown below, and Bochs instead of qemu
so that I can capture a screen:

Booting from Floppy...
5bb3351253525050PPRSPPPP

which is:

5bb3:3512 (data section of PDOS)

53525050 (SRPP - first 4 bytes treated as a 32-bit long)

PPRSPPPP (the expected buffer printing correctly)


And here is what I see when the buffer is on the stack:


Booting from Floppy...
0a6bfed850505050PPPPPPPP

which is:

0a6b:fed8

the stack area from the loader:

0A6B:0 DGROUP (from pload.map)

50505050 (no sign of my 52 and 53)

PPPPPPPP (and this is not what I want)


Any ideas? Current debug code below.

I really am expecting that the "lea" gives an address
relative to ds rather than ss. Although I read that
lea is a simple arithmetic operation, which would
mean it is unrelated to either the ds or ss value.
But that doesn't sound right to me. I think it needs
to be relative to something by definition, and I
would hope that a bp reference is relative to ss.

Also note that I changed this so that it is within
the first 4 bytes so that a "long" can see both
bytes.

+ buf[2-y] = 'R';
+ buf[3] = 'P';
+ buf[3+y] = 'S';

Thanks. Paul.



diff --git a/src/pdos.c b/src/pdos.c
index 0459c3ab..c35bc927 100644
--- a/src/pdos.c
+++ b/src/pdos.c
@@ -885,6 +885,10 @@ void pdosRun(void)
#ifdef __32BIT__
printf("Welcome to PDOS/386 (aka PD-Windows)\n");
#else
+/*dumpbuf("XY", 2);*/
+dumplong((long)5);
+for (;;) ;
+printf("Z");
printf("Welcome to PDOS/86\n");
#endif
PosSetVideoAttribute(0x7);
@@ -5828,17 +5832,71 @@ static void accessDisk(int drive)
return;
}

-void dumplong(unsigned long x)
+void dumpbuf2(unsigned char *buf, int len);
+
+void dumplong2(unsigned long x)
{
- int y;
+ static int y;
char *z = "0123456789abcdef";
- char buf[9];
+ static char buf[9];
+
+ for (y = 0; y < 8; y++)
+ {
+ buf[7 - y] = z[x & 0x0f];
+ x /= 16;
+ }
+ buf[8] = '\0';
+ dumpbuf2(buf, 8);
+ return;
+}
+
+void dumpbuf2(unsigned char *buf, int len)
+{
+ int x;
+
+ for (x = 0; x < len; x++)
+ {
+ pdosWriteText(buf[x]);
+ }
+ return;
+}

+void dumplong(unsigned long x)
+{
+ static int y;
+ char *z = "0123456789abcdef";
+ char buf[9]; /* using static makes it work */
+
+ y = 0;
+ buf[0] = 'P';
+ buf[1] = 'P';
+ buf[2] = 'P';
+ buf[2-y] = 'R';
+ buf[3] = 'P';
+ buf[3+y] = 'S';
+ buf[4] = 'P';
+ buf[5] = 'P';
+ buf[6] = 'P';
+ buf[7] = 'P';
+#if 0
for (y = 0; y < 8; y++)
{
buf[7 - y] = z[x & 0x0f];
x /= 16;
+#if 0
+ buf[7 - y] = 'V'; /* z[x & 0x0f]; */
+ /* x /= 16; */
+ if (x != 333)
+ {
+ buf[7] = 'H';
+ dumpbuf(&buf[7], 1);
+ buf[7-y] = 'G';
+ dumpbuf(&buf[7-y], 1);
+ dumpbuf(&buf[7], 1);
+ }
+#endif
}
+#endif
buf[8] = '\0';
dumpbuf(buf, 8);
return;
@@ -5848,6 +5906,9 @@ void dumpbuf(unsigned char *buf, int len)
{
int x;

+/* buf is 0a6b:fedf */
+ dumplong2((long)buf);
+ dumplong2((long)*(long *)buf);
for (x = 0; x < len; x++)
{
pdosWriteText(buf[x]);