Safeguarding the past, present and future of RISC OS for everyone
Account
News | Downloads | Bugs | Bounties | Forums | Library

Previous

  • Tickets
  • » Ticket #656

Ticket #656 (Open)Wed Feb 26 16:21:29 UTC 2025

Serious memory corruption in BBC Basic (since 1987)

Reported by: nemo (145) Severity: Critical
Part: RISC OS: Module Release:
Milestone: Status Open

Details by nemo (145):

The error-message generation in MSG uses STRACC via R8 (ARGP) before passing the resulting error block to the error handler. The error handler resets R8 in case it is not ARGP, but MSG does not.

In ten different places in the whole-array code, R8 is used as a pointer into an array, so if there is any kind of numerical error – DivBy0, TooBig etc – MSG then writes the error report over the array, and potentially over whatever follows the array in memory.

The bug has been there since 1987 in various forms. MSG must reset R8 to ARGP before using it.

  • Comment on, or change status of, this ticket

Previous

Search tickets

Social

Follow us on and

ROOL Store

Buy RISC OS Open merchandise here, including SD cards for Raspberry Pi and more.

Donate! Why?

Help ROOL make things happen – please consider donating!

RISC OS IPR

RISC OS is an Open Source operating system owned by RISC OS Developments Ltd and licensed primarily under the Apache 2.0 license.

Options

  • Tickets
  • New ticket
  • Milestones
  • Subversion: Changesets
  • Subversion: Browse
  • CVS: Revisions
  • CVS: Browse
  • Search

RSS feeds Rss

  • Tickets
  • Everything!
  • More feeds...
Contact Us  |  About Us

The RISC OS Open Collaboa theme is distantly based on the Collaboa default layout
Site design © RISC OS Open Limited 2024 except where indicated

Hosted by Arachsys

Powered by Collaboa
This site runs on Rails