Picked from the commit at fe1c4dc7fe
The referenced issue is at https://github.com/dosemu2/fdpp/issues/212
The patch was applied using unix2dos on the patch file
then `patch -p1 --binary` with the patch file as stdin.
The original used a new define for the maximum path length.
As there is no difference to our current SFTMAX define I
changed this hunk to retain the SFTMAX use.
This fixes a bug when eg function 3Dh receives a buffer
that starts with ".\" but the byte in memory before this
buffer happens to be also a dot. I ran into this problem
semi-randomly during building EDR-DOS with the most recent
WarpLink build. If WarpLink was placed somewhat low in the
Low Memory Area then one of its function 3Dh calls would
happen to have a dot before the pathname buffer. (I had to
load lCDebug using the last fit strategy then enter TSR mode,
to catch the bug without the presence of the debugger working
around the occurrence of the bug.)
Original commit Metadata:
From: Stas Sergeev <stsp@users.sourceforge.net>
Date: Wed, 1 Feb 2023 13:01:55 +0500
Subject: [PATCH] truename: fix array overrun [fixes#212]
src[-2] was peeking into a random memory location.
It seems entire truename() is written by some morons... :(
Its completely unreadable and full of bugs.
lDebug wants to access the environment while executing
as a device driver. Instead of building it in a variable
then copying it to 68h:0 after FDCONFIG.SYS processing,
just build it there to begin with.
To be able to return free space on larger non local disks, the redirector
needs an extension. Dosemu2 has implemented this function and FDPP
has an almost identical patch to this. If the extension is not
implemented by your chosen redirector, then fallback to the standard
110c function is done for int21/7303.
With this patch up to 2TB (with Dosemu2 reporting in 512 blocks) can be
displayed.
This should be compatible to Enhanced DR-DOS.
Tested by building a boot image like the following:
nasm ../ldosmbr/oldmbr.asm -o oldmbr.bin
nasm ../ldosboot/boot.asm -D_FAT16=1 -I ../lmacros/ \
-D_LOAD_NAME="'LDEBUG'" -o boot16.bin
nasm bootimg.asm -I ../lmacros/ -o disk16.img \
-D_MBR -D_ALIGNDATA -D_BOOTPATCHFILE=boot16.bin \
-D_MBRPATCHFILE=oldmbr.bin -D_BPE=16 \
-D_SPI='(_SPC * 5000)' -D_NUMROOT=512 -D_SPC=256 \
-D_SPF='((_SPI / _SPC + 255) / 256)' \
-D_PAYLOADFILE=../ldebug/bin/ldebug.com,quit.com,\
::rename,../k256spc/bin/kernel.sys,kernel.sys,\
command.com,::fill,1,32,autoexec.bat
The repos bootimg, ldosboot, ldosmbr, and lmacros are
available at https://hg.pushbx.org/ecm/
The file ldebug.com is a recent bootable lDebug debugger.
The file command.com is a recent FreeCOM. The file quit.com
is assembled with NASM from
https://hg.pushbx.org/ecm/ldebug/file/e6035c05670a/misc/quit.asm
Run like this:
qemu-system-i386 -hda disk16.img -boot order=c -display curses
To the lDebug prompt "-" enter "boot protocol freedos",
then a "q" command. On success, the quit.com command
can be run to quit the qemu VM.
Not yet done:
- initdisk.c:512 uses MAXCLUSTSIZE defined to 128. This is
not difficult to change but it is unclear whether this
should be changed.
- The boot loaders are not yet adjuscted, requiring use of
the ldosboot or lDebug loaders instead.
- A patch for FORMAT (copylefted) version 0.91u is available
from the Enhanced DR-DOS project. Mirrored in the directory at
https://pushbx.org/ecm/download/edrdos/freedos/
This should be easy enough to update to the most recent version.
This format has several advantages:
* The CONFIG block need not be moved.
* The entire compressed image (depacker and payload) need
not be moved another time before the UPX depacker's own
operation.
* The CONFIG block always lives at 00602h, and the kernel
need not be aware whether it was compressed for detecting
which CONFIG block to use.
* Support for compressed images beyond 64 KiB for free.
(The assembly define TEST_FILL_INIT_TEXT can be passed in
NASMENV to test this support with 32 KiB of LFSR output.)
* A subsequent commit will shorten the stub to 64 bytes,
compared to the prior 32 + 45 = 77 bytes, with no loss
of features. (The packed payload is a bit shorter too.)
* The new stub also sets ds and es to the segment value
that would point to the DOS/EXE process's PSP. This is
apparently not used by the UPX depacker but could be in
a future or past version, or if another packer is used.
Some assembly tricks:
* SMC instead of checking the XMS driver address
in the DOS DS stub,
* SMC so that the address goes right into a
`call far immediate` instruction,
* use `repe cmpsw` to compare multiple words (saves
space over the individual word compares),
* near calls to far functions use push cs to build
a far-call stack frame,
* segments 0 and FFFFh generated by segment arithmetic
instead of loading from memory,
* common case (A20 already enabled) made to be the case
where the conditional branch just falls through, which
may be slightly better.
