From 0a66e143071d423b118e677c5e5b1a8a77a2923b Mon Sep 17 00:00:00 2001
From: Ben10do
Date: Thu, 26 Jan 2017 18:16:54 +0000
Subject: [PATCH 1/2] Fix division by zero crashes in instructions

Previously, rgbasm could crash with a floating point exception if an instruction includes a division or modulo by 0. Fixes #49.

---
 src/asm/rpn.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/asm/rpn.c b/src/asm/rpn.c
index 3a8dba27..2bc9d94c 100644
--- a/src/asm/rpn.c
+++ b/src/asm/rpn.c
@@ -316,6 +316,9 @@ rpn_DIV(struct Expression * expr, struct Expression * src1,
 struct Expression * src2)
 {
 joinexpr();
+ if (src2->nVal == 0) {
+ fatalerror("division by zero");
+ }
 expr->nVal = (expr->nVal / src2->nVal);
 pushbyte(expr, RPN_DIV);
 }
@@ -325,6 +328,9 @@ rpn_MOD(struct Expression * expr, struct Expression * src1,
 struct Expression * src2)
 {
 joinexpr();
+ if (src2->nVal == 0) {
+ fatalerror("division by zero");
+ }
 expr->nVal = (expr->nVal % src2->nVal);
 pushbyte(expr, RPN_MOD);
 }
From 951c9b66f40592d26fc9cd9f97b05af3a7cb711e Mon Sep 17 00:00:00 2001
From: Ben10do
Date: Thu, 26 Jan 2017 22:01:03 +0000
Subject: [PATCH 2/2] Don't segfault on null bytes in REPTs and MACROs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously, the copyrept() and copymacro() functions would halt their first loop (in which they determine the length of the block) prematurely, causing an underflow when setting len, eventually causing memory issues. Whilst this doesn’t solve the len underflow entirely (e.g. if the file ends immediately without an ENDR/ENDM), it should help with this exact scenario of null bytes (as #50).

---
 src/asm/asmy.y | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/asm/asmy.y b/src/asm/asmy.y
index 29dd9f01..ae927ff3 100644
--- a/src/asm/asmy.y
+++ b/src/asm/asmy.y
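Review bot: The new guard in rpn_DIV (and the identical one in rpn_MOD) only rejects `src2->nVal == 0`, but `expr->nVal / src2->nVal` is still undefined, and on x86 `idiv` still raises SIGFPE, when the dividend is the most negative value of nVal's type and the divisor is -1; the same trap fires for `%` even though the mathematical remainder is 0, so if nVal is a signed 32-bit value as it appears to be, this is the same "floating point exception" crash class the commit is fixing. A second check beside the new one closes it: `if (expr->nVal == INT32_MIN && src2->nVal == -1) fatalerror("division overflow");` (mirrored in rpn_MOD, using whatever limit matches nVal's actual type). Separately, the check runs after joinexpr() whether or not the divisor's value is known yet; if a link-time (relocatable) operand carries a placeholder nVal of 0, this would report "division by zero" for a valid symbolic divisor, so it is worth confirming against the expression's reloc flag and gating the fatal error on a known constant value. Both rpn_DIV and rpn_MOD begin outside the hunk (their first signature line is visible only in the hunk header), and the note assumes fatalerror() does not return.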
@@ -142,8 +142,9 @@ void copyrept( void )
 {
 SLONG level=1, len, instring=0;
 char *src=pCurrentBuffer->pBuffer;
+ char *bufferEnd = pCurrentBuffer->pBufferStart + pCurrentBuffer->nBufferSize;
- while( *src && level )
+ while( src < bufferEnd && level )
 {
 if( instring==0 )
 {
@@ -217,8 +218,9 @@ void copymacro( void )
 {
 SLONG level=1, len, instring=0;
 char *src=pCurrentBuffer->pBuffer;
+ char *bufferEnd = pCurrentBuffer->pBufferStart + pCurrentBuffer->nBufferSize;
- while( *src && level )
+ while( src < bufferEnd && level )
 {
 if( instring==0 )
 {
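Review bot: The rewritten condition `while( src < bufferEnd && level )` in copyrept (and copymacro) now also exits when the scan runs off the end of the buffer, but nothing in the hunk distinguishes that from finding the matching ENDR/ENDM: `level` is still nonzero and control falls through to the `len` computation that the commit message itself says can still underflow. A check directly after the loop, `if( level ) fatalerror( "Unterminated REPT block" );` (with matching wording in copymacro), would turn the remaining out-of-bounds case into a diagnostic instead of a bogus length. The bound is also enforced only on `src` itself; if the loop body compares several characters ahead to match a keyword, the last iterations could still read past `bufferEnd`, so each such comparison should presumably first check that `bufferEnd - src` covers the keyword length. The loop body and the `len` assignment are outside the hunk.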