Changes between Version 5 and Version 6 of Ticket #10814, comment 30
- Timestamp:
- 11/23/18 21:15:04 (5 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #10814, comment 30
v5 v6 18 18 I'll quote the disasm of wipeSpell again, for juxtaposition. 19 19 {{{ 20 002d:0494: 67 16 pTos state[16] 21 002d:0496: 35 01 ldi 01 22 002d:0498: 1a eq? 23 002d:0499: 30 88 00 bnt 0088 [0524] 20 24 002e:0404: 78 push1 21 25 002e:0405: 72 10 00 lofsa horror[1694] … … 43 47 This time, the void func 'returns' a 1. 44 48 45 Which makes the OR arithmetic superficially valid. The object arg had been loaded directly into the stack from a global (lsg). Looking back farther, the last value of acc came from the **count** of arguments.49 Which makes the OR arithmetic superficially valid. The object arg had been loaded directly into the stack from a global (lsg). 46 50 47 In the event that a call's arg count were NOT pushed, the leaked accumulator could get weirder still, even causing the void func to 'return' 0. 51 Looking back farther, the last value of acc came from... [**EDIT**] An unrelated "state == 1" property test! 52 53 The leaked accumulator could get weirder, even causing the void func to 'return' 0. 48 54 \\ 49 55 \\ 50 EDIT: No, push1 doesn't involve acc either I'll look back farther...56 EDIT: I'd initially blamed the arg count (push1), but that doesn't involve acc.
