Merge branch 'original'

Author: snipsnipsnip

ldmicro/CHANGES.txt

@@ -1,4 +1,10 @@
 
+== Release 2.3
+
+    * Fix buffer overrun or write to null pointer if Windows sends an
+      LVN_GETDISPINFO without a valid item.pszText, which happens now
+      under Win10.
+
 == Release 2.2
 
     * Fix a problem with the ANSI C target when the program had bit and

ldmicro/helpdialog.cpp

@@ -63,8 +63,8 @@ static char *AboutText[] = {
 "",
 "    http://cq.cx/ladder.pl",
 "",
-"Copyright 2005-2010 Jonathan Westhues",
-"Release 2.2, built " __TIME__ " " __DATE__ ".",
+"Copyright 2005-2016 Jonathan Westhues",
+"Release 2.3, built " __TIME__ " " __DATE__ ".",
 "",
 "Email: user jwesthues, at host cq.cx",
 "",

ldmicro/intcode.cpp

@@ -891,8 +891,13 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
 
             // This is a table of characters to transmit, as a function of the
             // sequencer position (though we might have a hole in the middle
-            // for the variable output)
-            char outputChars[MAX_LOOK_UP_TABLE_LEN];
+            // for the variable output); positive is an unsigned character,
+            // negative is special flag values
+            enum {
+                OUTPUT_DIGIT = -1,
+                OUTPUT_SIGN = -2,
+            };
+            int outputChars[MAX_LOOK_UP_TABLE_LEN];
 
             BOOL mustDoMinus = FALSE;
 
@@ -917,7 +922,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
                     p++;
                     if(*p == '-') {
                         mustDoMinus = TRUE;
-                        outputChars[steps++] = 1;
+                        outputChars[steps++] = OUTPUT_SIGN;
                         p++;
                     }
                     if(!isdigit(*p) || (*p - '0') > 5 || *p == '0') {
@@ -928,7 +933,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
                     digits = (*p - '0');
                     int i;
                     for(i = 0; i < digits; i++) {
-                        outputChars[steps++] = 0;
+                        outputChars[steps++] = OUTPUT_DIGIT;
                     }
                 } else if(*p == '\\') {
                     p++;
@@ -960,7 +965,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
                             break;
                     }
                 } else {
-                    outputChars[steps++] = *p;
+                    outputChars[steps++] = (unsigned char)*p;
                 }
                 if(*p) p++;
             }
@@ -1013,7 +1018,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
             int i;
             int digit = 0;
             for(i = 0; i < steps; i++) {
-                if(outputChars[i] == 0) {
+                if(outputChars[i] == OUTPUT_DIGIT) {
                     // Note gross hack to work around limit of range for
                     // AVR brne op, which is +/- 64 instructions.
                     Op(INT_SET_VARIABLE_TO_LITERAL, "$scratch", i);
@@ -1063,7 +1068,7 @@ static void IntCodeFromCircuit(int which, void *any, char *stateInOut)
                     Op(INT_END_IF);
 
                     digit++;
-                } else if(outputChars[i] == 1) {
+                } else if(outputChars[i] == OUTPUT_SIGN) {
                     // do the minus; ugliness to get around the BRNE jump
                     // size limit, though
                     Op(INT_SET_VARIABLE_TO_LITERAL, "$scratch", i);

ldmicro/iolist.cpp

@@ -772,6 +772,15 @@ void IoListProc(NMHDR *h)
     switch(h->code) {
         case LVN_GETDISPINFO: {
             NMLVDISPINFO *i = (NMLVDISPINFO *)h;
+            if(!((i->item.mask & LVIF_TEXT) &&
+                 (i->item.pszText) &&
+                 (i->item.cchTextMax > 200)))
+            {
+                // This test didn't used to be present, and Windows 10 now
+                // sends an LVN_GETDISPINFO that fails it, which would
+                // otherwise cause us to write to a null pointer.
+                break;
+            }
             int item = i->item.iItem;
             switch(i->item.iSubItem) {
                 case LV_IO_PIN: