Posted on February 23, 2004 at 03:08Can anyone see a bug in this code which would allow the stack pointer to be modified?
ROM:8A30 WRITETOEEPROMX: ; CODE XREF: WRITEATOEEFROMX+9j
ROM:8A30 ; WRITEATOEEFROMX+Ej ...
ROM:8A30 83 trap
ROM:8A31 CD 82 23 call ENABLEINTERRUPTS
ROM:8A34 AD 0D callr KILLWRITEOKBITS
ROM:8A34 ; End of function WRITEATOEEFROMX
ROM:8A34
ROM:8A36
ROM:8A36 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
ROM:8A36
ROM:8A36
ROM:8A36 EECONTEXTRESTR: ; CODE XREF: WRITEATOEEFROMX+17p
ROM:8A36 ; WRITEATOEEFROMX+1Cp ...
ROM:8A36 B6 72 ld a, EESAVERCADRH
ROM:8A38 B7 4A ld RC1ADDRH, a
ROM:8A3A B6 73 ld a, EESAVERCADRL
ROM:8A3C B7 4B ld RC1ADDRL, a
ROM:8A3E B6 70 ld a, SW1
ROM:8A40 BE 71 ld x, SW2
ROM:8A42 81 ret
ROM:46A0 SMOD3JMPXA: ; CODE XREF: SETUPBLOCKOUT+1p
ROM:46A0 3F 5E clr NUMINFOBYTES ; Init # bytes in info field
ROM:46A2 3F 5F clr INFOFIELDPTR ; Init pointer into info field
ROM:46A4 CF 01 A5 ld SELDMOD3_01, x ; Save address of routine that will
ROM:46A7 C7 01 A6 ld SELDMOD3_02, a ; build the output message
ROM:46AA A6 5A ld a, #$5A ; Get a JMP $XXXX instruction
ROM:46AC C7 01 A4 ld SELDMOD3_00, a ; at SELFMOD3
ROM:46AF 3F 61 clr MSGOUTPTR ; Clear pointer to current byte #
ROM:46B1 05 50 0A btjf FLAGS0, #2, loc_0_46BE
ROM:46B4 CD 46 0C call BUILDMSGFROMSM3
ROM:46B7 10 0B bset UARTREG, #0
ROM:46B9 CD 82 23 call ENABLEINTERRUPTS
ROM:46BC 9A rim
ROM:46BD 81 ret
ROM:46BE ; ---------------------------------------------------------------------------
