DOS ain't dead

Arjay(R)

26.10.2013, 18:40
(edited by Arjay, 26.10.2013, 23:42)
 

FreeDOS EDIT 0.9a (0.9.1.0) - Interrupt vector trashing bug? (Users)

Whilst testing with IVTUTIL, I appear to have uncovered a fairly critical bug in FreeDOS's EDIT 0.9a and 0.7 (earlier versions also?). Under at least one scenario FreeDOS's EDIT.EXE appears to trash at least 2 fairly critical Interrupt vectors: Int 01h (SINGLE STEP) + Int 02h (NON-MASKABLE INTERRUPT).

I suspect this may possibly be related to FreeDOS bug #2 reported by DOS386 back when edit 0.9a first came out, #2 FreeDOS EDIT 0.9 BUG - mouse cursor vanishes on some hardware and discussed on this forum.

Due to my time constraints I would appreciate it if others could also take a look at this? I will raise a FD bug report and point it to this discussion.

Example steps to review the bug:
1) Download and extract IVTUTIL.EXE
2) c:\edittest>IVTUTIL MEM B4EDIT.TXT
3) c:\edittest>IVTUTIL MEM B4EDIT.DAT
4) c:\edittest>EDIT
5) Within EDIT select "File", "New"
6) Within EDIT select "File", "Exit"
7) c:\edittest>IVTUTIL MEM AFTREDIT.TXT
8) c:\edittest>IVTUTIL MEM AFTREDIT.DAT
9) Compare the contents of B4EDIT.TXT and AFTREDIT.TXT (text file)
10) Compare the contents of B4EDIT.DAT and AFTREDIT.DAT (binary data)

There should NOT be any differences if EDIT.EXE is correctly restoring Interrupts.

e.g. For me under DOSBox:

B4EDIT.TXT
INT    VECTOR    POINTS TO
---    ------    ---------
$00   F000:1060
$01   0070:0008
$02   0070:0008
$03   0070:0008


vs

AFTREDIT.TXT
INT    VECTOR    POINTS TO
---    ------    ---------
$00   F000:1060
$01   6465:6C74
$02   0070:0000
$03   0070:0008


If you review the binary data, e.g. AFTREDIT.DAT
-d         [interupt00][interupt01][interupt02][interupt03]
xxxx:0100  60 10 00 F0 74 6C 65 64-00 00 70 00 08 00 70 00   `...tled..p...p.


Interrupt 01h is set to 6465:6C74 which in binary is "tled" presumably from the default window name of "Untitled". It looks like EDIT.EXE has a pointer with a null segment causing the overwriting of the Interrupt Vector Table.


[EDIT]Link to FreeDOS bug report #112[/EDIT]

[EDIT2]I have now confirmed this further. Firstly as below, via debug and selecting create "new file" whilst in EDIT as per steps 5+6 above:

C:\EDITTEST>debug edit.exe
-d 0:0,f
0000:0000  68 10 A7 00 8B 01 70 00-16 00 BE 03 8B 01 70 00   h.....p.......p.
-g
FreeDOS EDIT 0.9a (0.9.1.0)
(based on FreeDOS DFlat+ 1.0 application framework)

Program terminated normally
-d 0:0,f
0000:0000  68 10 A7 00 74 6C 65 64-00 00 BE 03 B1 13 8F 0F   h...tled........
-q
C:\EDITTEST>


Reviewing the source for EDIT.C I noted the following static value:
static char Untitled[] = "Untitled";

I copied and patched the EXE at offset 276BD changing the bytes 74,6C,65,64 / "tled" to 54 45 53 54 / "TEST" and performed the same steps above and sure enough the word "TEST" appeared in the interrupt vector table....

C:\EDITTEST>debug edit2.exe
-d 0:0,f
0000:0000  68 10 A7 00 8B 01 70 00-00 00 BE 03 8B 01 70 00   h.....p.......p.
-g
FreeDOS EDIT 0.9a (0.9.1.0)
(based on FreeDOS DFlat+ 1.0 application framework)

Program terminated normally
-d 0:0,f
0000:0000  68 10 A7 00 54 45 53 54-00 00 BE 03 B1 13 8F 0F   h...TEST........
-q
C:\EDITTEST>
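To make the before/after comparison in steps 9-10 mechanical rather than by eye, here is an added example (not part of the post, and not IVTUTIL's or EDIT's code) that parses two DEBUG `-d` dump lines, decodes each 4-byte IVT entry as a little-endian offset word followed by a segment word, and reports every vector that changed, also showing the new bytes as ASCII when they are printable (which is how "tled" becomes visible). The two dump lines are taken from the debug session above; the dump format assumed is DEBUG's `SSSS:OOOO  xx xx ... xx-xx ... xx   ascii` layout.

```python
"""Diff two DEBUG-style IVT dumps and report which interrupt vectors changed."""
import re

# Constructed sample: the two `-d 0:0,f` lines from the post (first 16 bytes of
# the IVT, i.e. vectors for INT 00h..03h), before and after running EDIT.
BEFORE_DUMP = "0000:0000  68 10 A7 00 8B 01 70 00-16 00 BE 03 8B 01 70 00   h.....p.......p."
AFTER_DUMP = "0000:0000  68 10 A7 00 74 6C 65 64-00 00 BE 03 B1 13 8F 0F   h...tled........"

# One DEBUG dump line: address, then 16 hex byte pairs separated by spaces
# (a '-' separates the two 8-byte halves), then the ASCII column.
DUMP_LINE = re.compile(r"^[0-9A-Fa-f]{4}:[0-9A-Fa-f]{4}\s+((?:[0-9A-Fa-f]{2}[ -]){15}[0-9A-Fa-f]{2})")


def parse_debug_dump(text):
    """Return the raw bytes from one or more DEBUG `-d` output lines; other lines are ignored."""
    data = bytearray()
    for line in text.splitlines():
        m = DUMP_LINE.match(line)
        if m:
            data.extend(int(h, 16) for h in re.split(r"[ -]", m.group(1)))
    return bytes(data)


def decode_vectors(ivt):
    """Split IVT bytes into (segment, offset) pairs; each entry is offset word, then segment word."""
    vectors = []
    for i in range(0, len(ivt) - 3, 4):
        offset = int.from_bytes(ivt[i:i + 2], "little")
        segment = int.from_bytes(ivt[i + 2:i + 4], "little")
        vectors.append((segment, offset))
    return vectors


def diff_ivt(before, after):
    """Return one dict per interrupt whose vector differs between the two dumps."""
    changed = []
    for n, (old, new) in enumerate(zip(decode_vectors(before), decode_vectors(after))):
        if old != new:
            raw = after[n * 4:n * 4 + 4]
            printable = all(0x20 <= b < 0x7F for b in raw)
            changed.append({"int": n,
                            "old": "%04X:%04X" % old,
                            "new": "%04X:%04X" % new,
                            "ascii": raw.decode("ascii") if printable else None})
    return changed


if __name__ == "__main__":
    for c in diff_ivt(parse_debug_dump(BEFORE_DUMP), parse_debug_dump(AFTER_DUMP)):
        note = ' ("%s")' % c["ascii"] if c["ascii"] else ""
        print("INT %02Xh: %s -> %s%s" % (c["int"], c["old"], c["new"], note))
```

Feeding it the full `-d 0:0,3ff` output (all 256 vectors) works the same way, since every dump line is parsed and concatenated.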

Arjay(R)

01.11.2013, 18:41
(edited by Arjay, 02.11.2013, 00:45)

@ Arjay

FreeDOS EDIT 0.9a (0.9.1.0) - Interrupt vector bug CONFIRMED

Eric Auer has independently confirmed the FD-EDIT interrupt vector trashing bug when creating new files via the menu. Please see/follow FreeDOS bug report #112 for more information.

[EDIT]Eric noticed the bug is trashing Interrupt 00h - INT 00 - CPU-generated - DIVIDE ERROR as well.[/EDIT]

[EDIT2]This bug also highlighted another bug. I noted Marc Perkel's very helpful online version of Ralph Brown's interrupt list has a slight rendering issue which has corrupted at least 2 pages, e.g. Int 00h (overview page), Int 00h (index page). The word "interrupts" is wrong on all pages. I'm guessing Marc has recently rebuilt the Interrupt lists as I don't remember seeing these issues before. I have let Marc know and thanked him for hosting the list which is obviously very helpful to many folks.[/EDIT2]
