From:
Date: 19 Feb 2001 at 21:56:11
Subject: Impossible MuForce hit
Hello there...
I'm wondering how this kind of MuForce hit is possible at all:
MuForce hit! Bad program!
LONG READ from 00000008 PC: 00FD60A4
USP : 6908F7CC SR: 0010 (U0)(-)(-) TCB: 68C83EE8
Data: 6902691A ABAD0000 00004000 68FFE480 00000001 1A3CE325 1A321707 00000014
----> 6902691A - "LIBS:EasyUpdate.library" Hunk 0000 Offset 00000C82
Addr: 00000000 6908F7DC 6902691A 6902692A 68FFD340 68FFE464 6802B074 68555B74
Stck: 00FD60AC 68FFE464 00FD350A 6902691A 00000102 00FCFB50 6902691A 690279AE
Stck: 69027992 68FFD628 6908F898 6902786E 00004000 00000000 00000001 1A3CE325
----> 00FD60A4 - "ROM - intuition 40.85 (5.5.93)" Hunk 0000 Offset 00006C08
----> 00FD60AC - "ROM - intuition 40.85 (5.5.93)" Hunk 0000 Offset 00006C10
----> 00FD350A - "ROM - intuition 40.85 (5.5.93)" Hunk 0000 Offset 0000406E
----> 6902691A - "LIBS:EasyUpdate.library" Hunk 0000 Offset 00000C82
----> 00FCFB50 - "ROM - intuition 40.85 (5.5.93)" Hunk 0000 Offset 000006B4
----> 6902691A - "LIBS:EasyUpdate.library" Hunk 0000 Offset 00000C82
----> 690279AE - "LIBS:EasySocket.library" Hunk 0000 Offset 000006AE
----> 69027992 - "LIBS:EasySocket.library" Hunk 0000 Offset 00000692
----> 6902786E - "LIBS:EasySocket.library" Hunk 0000 Offset 0000056E
PC-8: FFF04E5D 4E750000 2F0A4CEF 05000008 200A6712 2008670E 226F0010 487A000A
PC *: 2F280008 4E757000 245F4E75 2F0A4CEF 05000008 200A67EE 200867EA 43EF0010
00fd6082 : 0c04 fff0 cmpi.b #-$10,d4
00fd6086 : 4e5d unlk a5
00fd6088 : 4e75 rts
00fd608a : 0000 2f0a ori.b #$a,d0
00fd608e : 4cef 0500 0008 movem.l $8(a7),a0/a2
00fd6094 : 200a move.l a2,d0
00fd6096 : 6712 beq.s $fd60aa
00fd6098 : 2008 move.l a0,d0
00fd609a : 670e beq.s $fd60aa
00fd609c : 226f 0010 movea.l $10(a7),a1
00fd60a0 : 487a 000a pea.l $fd60ac(pc)
00fd60a4 : *2f28 0008 move.l $8(a0),-(a7)
00fd60a8 : 4e75 rts
00fd60aa : 7000 moveq.l #$0,d0
00fd60ac : 245f movea.l (a7)+,a2
00fd60ae : 4e75 rts
As you can see there is an illegal read access at line $fd60a4, LONG READ
from $00000008. This is possible only if A0 is NULL [move.l 8(a0),-(a7)], but
as you can see the register A0 is checked against NULL pointer at line
$fd6098. Eh?
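As an added example, not part of the original post: a small Python parser for the register lines of a MuForce hit that checks the faulting address against the `8(a0)` operand of the instruction at the PC and, because the ROM code runs `move.l a0,d0` before the `beq.s` test and nothing between that and the hit writes d0 or a0, whether d0 still matches a0 when the hit is taken. Run on the dump above it reports a0 = 0 and d0 != a0, which pinpoints the inconsistency. The hit text is a constructed copy of the lines quoted in the post.

```python
import re

# Constructed copy of the register lines from the MuForce hit quoted above.
HIT = """\
LONG READ from 00000008 PC: 00FD60A4
USP : 6908F7CC SR: 0010 (U0)(-)(-) TCB: 68C83EE8
Data: 6902691A ABAD0000 00004000 68FFE480 00000001 1A3CE325 1A321707 00000014
Addr: 00000000 6908F7DC 6902691A 6902692A 68FFD340 68FFE464 6802B074 68555B74
"""

def parse_hit(text):
    """Return the faulting access, PC and the d0-d7 / a0-a7 registers of a MuForce hit."""
    regs = {}
    m = re.search(r"(LONG|WORD|BYTE) (READ|WRITE) from ([0-9A-Fa-f]{8}) PC: ([0-9A-Fa-f]{8})", text)
    if not m:
        raise ValueError("no MuForce access line found")
    regs["width"], regs["access"] = m.group(1), m.group(2)
    regs["fault_addr"] = int(m.group(3), 16)
    regs["pc"] = int(m.group(4), 16)
    # Data: line holds d0..d7, Addr: line holds a0..a7, eight 32-bit hex words each.
    for prefix, tag in (("d", "Data:"), ("a", "Addr:")):
        m = re.search(tag + r"((?: [0-9A-Fa-f]{8}){8})", text)
        if not m:
            raise ValueError("missing %s line" % tag)
        for i, word in enumerate(m.group(1).split()):
            regs["%s%d" % (prefix, i)] = int(word, 16)
    return regs

def check_fault(regs, base_reg="a0", disp=8):
    """Cross-check the hit against 'move.l disp(base_reg),-(a7)' at the PC.

    The read address must equal base_reg + disp, and since 'move.l a0,d0' ran
    right before the beq.s NULL test (with no later write to d0 or a0), d0 is
    expected to still equal a0.  Returns a list of findings, empty if consistent.
    """
    findings = []
    expected = (regs[base_reg] + disp) & 0xFFFFFFFF
    if regs["fault_addr"] != expected:
        findings.append("fault address %08X != %s+%d" % (regs["fault_addr"], base_reg, disp))
    if regs[base_reg] == 0:
        findings.append("%s is NULL at the hit" % base_reg)
    if regs["d0"] != regs["a0"]:
        findings.append("d0=%08X differs from a0=%08X: register state at the hit "
                        "does not match the path through the beq.s checks"
                        % (regs["d0"], regs["a0"]))
    return findings

if __name__ == "__main__":
    for line in check_fault(parse_hit(HIT)):
        print(line)
```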