From: mutazilah@nospicedham.gmail.com   
      
   On Saturday, June 24, 2023 at 11:55:00 PM UTC+8, Tavis Ormandy wrote:   
      
   Hi Tavis. Thanks for your reply.   
      
   > Ah, as soon as I hit send I realized what you were saying - you don't    
   > think there's a miscompilation. You're saying the write to ss:[bx] isn't    
   > working, and you suspect the lea is to blame?    
      
   Correct.   
      
   > It seems correct to me, the base should be irrelevant and the actual    
   > write has the correct override. I don't know what could be causing    
   > that!   
      
   Ok, thanks for the analysis. I thought I might have been doing   
   something that was fundamentally and obviously wrong by   
   having ss != ds, and the lea showed that up.   
      
   A piece of information I forgot to give was that making the   
   buffer static (so referenced by ds instead of ss), made the   
   problem go away.   
      
   So now that no-one is aware of anything that is obviously   
   wrong, I thought of a way of getting more information by   
   creating a second set of dump functions, one of them using   
   "static".   
      
   Here is what I see when I use the static version, and the   
   new debug shown below, and Bochs instead of qemu   
   so that I can capture a screen:   
      
   Booting from Floppy...   
   5bb3351253525050PPRSPPPP   
      
   which is:   
      
   5bb3:3512 (data section of PDOS)   
      
   53525050 (SRPP - first 4 bytes treated as a 32-bit long)   
      
   PPRSPPPP (the expected buffer printing correctly)   
      
      
   And here is what I see when the buffer is on the stack:   
      
      
   Booting from Floppy...   
   0a6bfed850505050PPPPPPPP   
      
   which is:   
      
   0a6b:fed8   
      
   the stack area from the loader:   
      
   0A6B:0   DGROUP (from pload.map)   
      
   50505050 (no sign of my 52 and 53)   
      
   PPPPPPPP (and this is not what I want)   
      
      
   Any ideas? Current debug code below.   
      
   I really am expecting that the "lea" gives an address   
   relative to ds rather than ss. Although I read that   
   lea is a simple arithmetic operation, which would   
   mean it is unrelated to either the ds or ss value.   
   But that doesn't sound right to me. I think it needs   
   to be relative to something by definition, and I   
   would hope that a bp reference is relative to ss.   
      
   Also note that I changed this so that it is within   
   the first 4 bytes so that a "long" can see both   
   bytes.   
      
   +    buf[2-y] = 'R';   
   +    buf[3] = 'P';   
   +    buf[3+y] = 'S';   
      
   Thanks. Paul.   
      
      
      
   diff --git a/src/pdos.c b/src/pdos.c   
   index 0459c3ab..c35bc927 100644   
   --- a/src/pdos.c   
   +++ b/src/pdos.c   
   @@ -885,6 +885,10 @@ void pdosRun(void)   
    #ifdef __32BIT__   
        printf("Welcome to PDOS/386 (aka PD-Windows)\n");   
    #else   
   +/*dumpbuf("XY", 2);*/   
   +dumplong((long)5);   
   +for (;;) ;   
   +printf("Z");   
        printf("Welcome to PDOS/86\n");   
    #endif   
        PosSetVideoAttribute(0x7);   
   @@ -5828,17 +5832,71 @@ static void accessDisk(int drive)   
        return;   
    }   
       
   -void dumplong(unsigned long x)   
   +void dumpbuf2(unsigned char *buf, int len);   
   +   
   +void dumplong2(unsigned long x)   
    {   
   -    int y;   
   +    static int y;   
        char *z = "0123456789abcdef";   
   -    char buf[9];   
   +    static char buf[9];   
   +   
   +    for (y = 0; y < 8; y++)   
   +    {   
   +        buf[7 - y] = z[x & 0x0f];   
   +        x /= 16;   
   +    }   
   +    buf[8] = '\0';   
   +    dumpbuf2(buf, 8);   
   +    return;   
   +}   
   +   
   +void dumpbuf2(unsigned char *buf, int len)   
   +{   
   +    int x;   
   +   
   +    for (x = 0; x < len; x++)   
   +    {   
   +        pdosWriteText(buf[x]);   
   +    }   
   +    return;   
   +}   
       
   +void dumplong(unsigned long x)   
   +{   
   +    static int y;   
   +    char *z = "0123456789abcdef";   
   +    char buf[9]; /* using static makes it work */   
   +   
   +    y = 0;   
   +    buf[0] = 'P';   
   +    buf[1] = 'P';   
   +    buf[2] = 'P';   
   +    buf[2-y] = 'R';   
   +    buf[3] = 'P';   
   +    buf[3+y] = 'S';   
   +    buf[4] = 'P';   
   +    buf[5] = 'P';   
   +    buf[6] = 'P';   
   +    buf[7] = 'P';   
   +#if 0   
        for (y = 0; y < 8; y++)   
        {   
            buf[7 - y] = z[x & 0x0f];   
            x /= 16;   
   +#if 0   
   +        buf[7 - y] = 'V'; /* z[x & 0x0f]; */   
   +        /* x /= 16; */   
   +        if (x != 333)   
   +        {   
   +            buf[7] = 'H';   
   +            dumpbuf(&buf[7], 1);   
   +            buf[7-y] = 'G';   
   +            dumpbuf(&buf[7-y], 1);   
   +            dumpbuf(&buf[7], 1);   
   +        }   
   +#endif   
        }   
   +#endif   
        buf[8] = '\0';   
        dumpbuf(buf, 8);   
        return;   
   @@ -5848,6 +5906,9 @@ void dumpbuf(unsigned char *buf, int len)   
    {   
        int x;   
       
   +/* buf is 0a6b:fedf */   
   +    dumplong2((long)buf);   
   +    dumplong2((long)*(long *)buf);   
        for (x = 0; x < len; x++)   
        {   
            pdosWriteText(buf[x]);   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)