https://github.com/akkartik/mu/blob/main/313index-bounds-check.subx
1
2
3
4 == code
5
6 __check-mu-array-bounds:
7
8 55/push-ebp
9 89/<- %ebp 4/r32/esp
10
11 50/push-eax
12 51/push-ecx
13 52/push-edx
14
15
16 8b/-> *(ebp+0x10) 1/r32/ecx
17
18 ba/copy-to-edx 0/imm32
19
20 8b/-> *(ebp+8) 0/r32/eax
21 f7 4/subop/multiply-eax-with *(ebp+0xc)
22
23 81 7/subop/compare %edx 0/imm32
24 0f 85/jump-if-!= __check-mu-array-bounds:overflow/disp32
25
26 39/compare %eax 1/r32/ecx
27 0f 82/jump-if-unsigned< $__check-mu-array-bounds:end/disp32
28
29 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 "fn " 3 0)
30 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 *(ebp+0x14) 3 0)
31 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 ": offset " 3 0)
32 (draw-int32-hex-wrapping-right-then-down-from-cursor-over-full-screen 0 %eax 3 0)
33 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 " is too large for array '" 3 0)
34 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 *(ebp+0x18) 3 0)
35 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 "'" 3 0)
36 {
37 eb/jump loop/disp8
38 }
39
40 $__check-mu-array-bounds:end:
41
42 5a/pop-to-edx
43 59/pop-to-ecx
44 58/pop-to-eax
45
46 89/<- %esp 5/r32/ebp
47 5d/pop-to-ebp
48 c3/return
49
50 __check-mu-array-bounds:overflow:
51 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 "fn " 3 0)
52 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 *(ebp+0x14) 3 0)
53 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 ": offset to array '" 3 0)
54 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 *(ebp+0x18) 3 0)
55 (draw-text-wrapping-right-then-down-from-cursor-over-full-screen 0 "' overflowed 32 bits" 3 0)
56 {
57 eb/jump loop/disp8
58 }
59