fix(amd64-386): sample oscillator hard crash

The sample-based oscillators converted the samplepos to an integer and did samplepos < loop_end comparison to check if we are past looping. Unfortunately, the < comparison was done in signed math. Normally, this should never happen, but if the x87 FPU stack overflowed exactly at right position, we then got 0x80000000 in samplepos, which is equal to -2147483648. Thus, we considered that sample is not looping and read the sample table at position -2147483648, well out of bound. TL;DR changing jl to jb makes sure we always wrap within to sample table, no matter what. Fixes #149.
2025-07-17 20:44:29 -04:00 · 2024-09-22 09:04:47 +03:00
parent 4ee355bb45
commit 0e10cd2ae8
4 changed files with 64 additions and 1 deletions
--- a/vm/compiler/templates/amd64-386/sources.asm
+++ b/vm/compiler/templates/amd64-386/sources.asm
@ -338,7 +338,7 @@ su_oscillat_gate_bit:                           ; stack: 0/1, let's call it x
    pop     {{.DX}}                                             ; edx is now the sample number
    movzx   ebx, word [{{.DI}} + 4]    ; ecx = loopstart
    sub     edx, ebx                                        ; if sample number < loop start
-    jl      su_oscillat_sample_not_looping                  ;   then we're not looping yet
+    jb      su_oscillat_sample_not_looping                  ;   then we're not looping yet
    mov     eax, edx                                        ; eax = sample number
    movzx   ecx, word [{{.DI}} + 6]   ; edi is now the loop length
    xor     edx, edx                                        ; div wants edx to be empty