The current memfill routine causes errors.
It exceeds the buffer range by 4.
This version causes no crashes.

; #########################################################################

.386
.model flat, stdcall ; 32 bit memory model
option casemap :none ; case sensitive

.code

; #########################################################################

memfill proc lpmem:DWORD,ln:DWORD,fill:DWORD

mov edx, lpmem ; buffer address
mov eax, fill ; fill chars

mov ecx, ln ; byte length
shr ecx, 5 ; divide by 32
cmp ecx, 0
jz rmndr

align 4

; ------------
; unroll by 8
; ------------
@@:
mov [edx], eax ; put fill chars at address in edx
mov [edx+4], eax
mov [edx+8], eax
mov [edx+12], eax
mov [edx+16], eax
mov [edx+20], eax
mov [edx+24], eax
mov [edx+28], eax
add edx, 32
dec ecx
jnz @B

rmndr:

and ln, 31 ; get remainder
cmp ln, 0
je mfQuit

add ln, edx ; exit condition

@@:
mov [edx], eax
add edx, 4
cmp edx, ln
jl @B ; was jle @B, which ran one extra 4-byte store past the end of the buffer


mfQuit:

ret

memfill endp

; #########################################################################

end

Posted on 2002-03-13 14:56:12 by marsface
Robert,

Thanks for reporting this problem, I did extensive testing and never had a problem with it. What was the condition that it crashed ?

Regards,

hutch@movsd.com
Posted on 2002-03-13 19:50:12 by hutch--
I was clearing a local buffer

testPROC proc uses ebx edx esi dtext:DWORD

LOCAL buffs[6]:DWORD

invoke memfill, ADDR buffs, 24, 0

.
.
.

ret
testPROC endp


Using this function on data sections hasn't caused a crash; that's why I was despairing for a while :)
Posted on 2002-03-14 00:08:02 by marsface
Robert,

Thanks, I can reproduce it with no problems so I will do some work on it to see what is happening.

Regards,

hutch@movsd.com
Posted on 2002-03-14 01:23:17 by hutch--
OK, it's fixed. I had done the loop count for the remainder incorrectly and it ran a few more iterations of the loop than it should. It did not affect allocated memory, but in the example of stack memory space it caused a stack fault when it overran the buffer.

I have attached a replacement that performs to documentation. It should replace the version in the m32lib directory and the MAKE.BAT file should be run to rebuild the MASM32 library.

Regards and thanks for finding this problem.

hutch@movsd.com
Posted on 2002-03-14 02:08:25 by hutch--
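To make the off-by-one concrete, here is a C model of the routine's control flow, added for this thread and not MASM32 library code: memfill_model follows the posted asm with edx as a byte offset, and memfill_overrun reports how many bytes past ln each variant of the final loop stores. The function names and the guard buffer are my own construction.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Re-implements the memfill control flow posted above so both variants of
   the remainder loop (jle vs jl) can be compared. edx is modelled as a byte
   offset. buf needs at least ln + 8 bytes: the buggy variant stores past ln. */
size_t memfill_model(uint8_t *buf, size_t ln, uint32_t fill, int use_jle)
{
    size_t edx = 0;            /* mov edx, lpmem  (offset form)            */
    size_t ecx = ln >> 5;      /* mov ecx, ln ; shr ecx, 5                 */
    size_t rem = ln & 31;      /* and ln, 31 : bytes left after the blocks */
    size_t end;

    while (ecx != 0) {         /* unrolled loop: eight DWORD stores        */
        for (int i = 0; i < 8; i++)
            memcpy(buf + edx + 4 * i, &fill, 4);
        edx += 32;             /* add edx, 32 ; dec ecx ; jnz @B           */
        ecx--;
    }
    if (rem == 0)              /* cmp ln, 0 ; je mfQuit                    */
        return edx;
    end = rem + edx;           /* add ln, edx : exit address               */
    do {
        memcpy(buf + edx, &fill, 4);   /* mov [edx], eax                   */
        edx += 4;                      /* add edx, 4 ; cmp edx, ln         */
    } while (use_jle ? edx <= end      /* jle @B : one store too many      */
                     : edx <  end);    /* jl @B  : the fix                 */
    return edx;                /* total bytes written                      */
}

/* Fills a zeroed guard buffer (constructed here) and returns how many bytes
   beyond ln were touched, i.e. the overrun a caller's stack frame would see.
   Cross-checks the guard scan against the model's own byte count. */
size_t memfill_overrun(size_t ln, int use_jle)
{
    uint8_t buf[96] = {0};     /* room for any ln <= 64 plus the overrun   */
    size_t written = memfill_model(buf, ln, 0xFFFFFFFFu, use_jle);
    size_t over = 0;
    for (size_t i = ln; i < sizeof buf; i++)
        if (buf[i] != 0)
            over = i + 1 - ln;
    return (over == written - ln) ? over : (size_t)-1;
}
```

With ln = 24, as in the crashing testPROC, the jle variant writes 28 bytes and the jl variant 24; the model also shows that both variants round a length that is not a multiple of 4 up to the next DWORD, since every store is 4 bytes wide.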
It takes more than a few extra memory writes to cause trouble with dynamically allocated memory, since this usually has a decent amount of alignment (seems to be 8 bytes for HeapAlloc, I wonder where they store the control structures though). For .data stuff, you'd have to either overwrite following data and get "weird results", or write past a section boundary to cause problems.

I'm amazed that such a trivial function has had such a serious bug, and even more that it has gone unnoticed for such a long time...
Posted on 2002-03-14 04:32:37 by f0dder
hutch-- no problem, I'm happy if I can contribute something useful. :)
Thanks for fixing!!

Small bugs ... big problems :)

Happy end, fodder :)
Bug is killed.
Posted on 2002-03-14 10:32:32 by marsface