From 76fccce27dcd7120931dc3a38283eeb207d78ac9 Mon Sep 17 00:00:00 2001 From: Mark Pizzolato Date: Thu, 16 May 2013 11:04:43 -0700 Subject: [PATCH] Fix for Issue #53 for DC, DL, and VH multiplexer devices --- PDP11/pdp11_dc.c | 12 +++++++++--- PDP11/pdp11_dl.c | 12 +++++++++--- PDP11/pdp11_vh.c | 12 +++++++++--- 3 files changed, 27 insertions(+), 9 deletions(-) diff --git a/PDP11/pdp11_dc.c b/PDP11/pdp11_dc.c index 43b0afc1..222ef3c0 100644 --- a/PDP11/pdp11_dc.c +++ b/PDP11/pdp11_dc.c @@ -47,7 +47,7 @@ #include "sim_sock.h" #include "sim_tmxr.h" -#define DCX_MASK (DCX_LINES - 1) +#define DCX_MAXMUX (dcx_desc.lines - 1) /* Parity and modem control */ @@ -270,7 +270,10 @@ DEVICE dco_dev = { t_stat dcx_rd (int32 *data, int32 PA, int32 access) { -int32 ln = ((PA - dci_dib.ba) >> 3) & DCX_MASK; +int32 ln = ((PA - dci_dib.ba) >> 3); + +if (ln > DCX_MAXMUX) /* validate line number */ + return SCPE_IERR; switch ((PA >> 1) & 03) { /* decode PA<2:1> */ @@ -301,9 +304,12 @@ return SCPE_NXM; t_stat dcx_wr (int32 data, int32 PA, int32 access) { -int32 ln = ((PA - dci_dib.ba) >> 3) & DCX_MASK; +int32 ln = ((PA - dci_dib.ba) >> 3); TMLN *lp = &dcx_ldsc[ln]; +if (ln > DCX_MAXMUX) /* validate line number */ + return SCPE_IERR; + switch ((PA >> 1) & 03) { /* decode PA<2:1> */ case 00: /* dci csr */ diff --git a/PDP11/pdp11_dl.c b/PDP11/pdp11_dl.c index 6adaf578..8570e274 100644 --- a/PDP11/pdp11_dl.c +++ b/PDP11/pdp11_dl.c @@ -44,7 +44,7 @@ #include "sim_sock.h" #include "sim_tmxr.h" -#define DLX_MASK (DLX_LINES - 1) +#define DLX_MAXMUX (dlx_desc.lines - 1) #define DLI_RCI 0 /* rcv ints */ #define DLI_DSI 1 /* dset ints */ @@ -226,7 +226,10 @@ DEVICE dlo_dev = { t_stat dlx_rd (int32 *data, int32 PA, int32 access) { -int32 ln = ((PA - dli_dib.ba) >> 3) & DLX_MASK; +int32 ln = ((PA - dli_dib.ba) >> 3); + +if (ln > DLX_MAXMUX) /* validate line number */ + return SCPE_IERR; switch ((PA >> 1) & 03) { /* decode PA<2:1> */ @@ -257,9 +260,12 @@ return SCPE_NXM; t_stat dlx_wr (int32 data, int32 PA, int32 access) { -int32 ln = ((PA - dli_dib.ba) >> 3) & DLX_MASK; +int32 ln = ((PA - dli_dib.ba) >> 3); TMLN *lp = &dlx_ldsc[ln]; +if (ln > DLX_MAXMUX) /* validate line number */ + return SCPE_IERR; + switch ((PA >> 1) & 03) { /* decode PA<2:1> */ case 00: /* tti csr */ diff --git a/PDP11/pdp11_vh.c b/PDP11/pdp11_vh.c index 5ddb9b5e..5ab8a1e9 100644 --- a/PDP11/pdp11_vh.c +++ b/PDP11/pdp11_vh.c @@ -93,7 +93,7 @@ extern int32 tmxr_poll, clk_tps; #ifndef VH_MUXES #define VH_MUXES (4) #endif -#define VH_MNOMASK (VH_MUXES - 1) +#define VH_MAXMUX (vh_desc.lines/VH_LINES - 1) #if defined(VM_VAX) #if VEC_QBUS @@ -787,9 +787,12 @@ static t_stat vh_rd ( int32 *data, int32 PA, int32 access ) { - int32 vh = ((PA - vh_dib.ba) >> 4) & VH_MNOMASK, line; + int32 vh = ((PA - vh_dib.ba) >> 4), line; TMLX *lp; + if (vh > VH_MAXMUX) /* validate mux number */ + return SCPE_IERR; + switch ((PA >> 1) & 7) { case 0: /* CSR */ *data = vh_csr[vh] | dq_tx_report (vh); @@ -873,9 +876,12 @@ static t_stat vh_wr ( int32 data, int32 PA, int32 access ) { - int32 vh = ((PA - vh_dib.ba) >> 4) & VH_MNOMASK, line; + int32 vh = ((PA - vh_dib.ba) >> 4), line; TMLX *lp; + if (vh > VH_MAXMUX) /* validate mux number */ + return SCPE_IERR; + sim_debug(DBG_REG, &vh_dev, "vh_wr(PA=0x%08X [%s], access=%d, data=0x%X)\n", PA, ((vh_unit[vh].flags & UNIT_MODEDHU) ? vh_wr_dhu_regs : vh_wr_dhv_regs)[(PA >> 1) & 07], access, data);