[hatari-devel] Memory state save/restore bug in floppy

[hatari-devel] Memory state save/restore bug in floppy_ipf.c

[ Thread Index | Date Index | More lists.tuxfamily.org/hatari-devel Archives ]

To: hatari-devel@xxxxxxxxxxxxxxxxxxx
Subject: [hatari-devel] Memory state save/restore bug in floppy_ipf.c
From: Steven Noonan <steven@xxxxxxxxxxxxxx>
Date: Fri, 1 May 2015 10:24:03 -0700

There's an error in how floppy_ipf.c does save/restore. On the restore
path, it tries to use the CAPSFdcInvalidateTrack call before it has
initialized the Fdc.drive and Fdc.driveprc pointers, which causes it
to dereference an invalid memory location. This only happens if you
save the VM state, exit and reopen Hatari, then load the state. If you
save/load in the same run of Hatari you won't see the issue because
the addresses will still be valid.

A patch to correct the issue is attached.

From 60419990f03110d647248fe2439351a6678c0f2e Mon Sep 17 00:00:00 2001
From: Steven Noonan <steven@xxxxxxxxxxxxxx>
Date: Wed, 29 Apr 2015 08:57:52 -0700
Subject: [PATCH] floppy_ipf: fix save/restore bug

Since Fdc.drive was set to a bogus pointer, it was doing the reset incorrectly.
The correct thing to do is relink the pointer and *then* use the CAPS calls.

Signed-off-by: Steven Noonan <steven@xxxxxxxxxxxxxx>
---
 src/floppy_ipf.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/floppy_ipf.c b/src/floppy_ipf.c
index 9d9d366..e38092e 100644
--- a/src/floppy_ipf.c
+++ b/src/floppy_ipf.c
@@ -122,13 +122,14 @@ fprintf ( stderr , "ipf load %d\n" , StructSize );
 			/* For IPF structures, we need to update some pointers in Fdc/Drive/CapsImage */
 			/* drive : PUBYTE trackbuf, PUDWORD timebuf */
 			/* fdc : PCAPSDRIVE driveprc, PCAPSDRIVE drive, CAPSFDCHOOK callback functions */
-			CAPSFdcInvalidateTrack ( &IPF_State.Fdc , 0 );	/* Invalidate buffered track data for drive 0 */
-			CAPSFdcInvalidateTrack ( &IPF_State.Fdc , 1 );	/* Invalidate buffered track data for drive 1 */
 
 			IPF_State.Fdc.drive = IPF_State.Drive;		/* Connect drives array to the FDC */
 			if ( IPF_State.Fdc.driveprc != NULL )		/* Recompute active drive's pointer */
 				IPF_State.Fdc.driveprc = IPF_State.Fdc.drive + IPF_State.Fdc.driveact;
 
+			CAPSFdcInvalidateTrack ( &IPF_State.Fdc , 0 );	/* Invalidate buffered track data for drive 0 */
+			CAPSFdcInvalidateTrack ( &IPF_State.Fdc , 1 );	/* Invalidate buffered track data for drive 1 */
+
 			/* Set callback functions */
 			IPF_State.Fdc.cbirq = IPF_CallBack_Irq;
 			IPF_State.Fdc.cbdrq = IPF_CallBack_Drq;
-- 
2.3.7

Follow-Ups:
- Re: [hatari-devel] Memory state save/restore bug in floppy_ipf.c
  - From: Nicolas Pomarède

Messages sorted by: [ date | thread ]
Prev by Date: RE: [hatari-devel] Is it me or the symbols prg option is broken ?
Next by Date: Re: [hatari-devel] Re: FPU emulation issue with Q2
Previous by thread: Re: [hatari-devel] Is it me or the symbols prg option is broken ?
Next by thread: Re: [hatari-devel] Memory state save/restore bug in floppy_ipf.c

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/