search for: cardpin

...> Thank you all for taking a look at this. I pasted the C source then > deleted it because I was afraid that it was too long to read... > > Here's the code of *foo*. Its real name is *verifyPIN*. The variable *bar* > is *userPin*. > > int *verifyPIN*(char **userPin*, char *cardPin, int *cpt) > { > int i; > int status; > int diff; > > if (*cpt > 0) { > status = 0x55; > diff = 0x55; > > for (i = 0; i < 4; i++) { > if (*userPin*[i] != cardPin[i]) { > diff = 0xAA; > } > } > > if...

Thank you all for taking a look at this. I pasted the C source then deleted it because I was afraid that it was too long to read... Here's the code of *foo*. Its real name is *verifyPIN*. The variable *bar* is *userPin*. int *verifyPIN*(char **userPin*, char *cardPin, int *cpt) { int i; int status; int diff; if (*cpt > 0) { status = 0x55; diff = 0x55; for (i = 0; i < 4; i++) { if (*userPin*[i] != cardPin[i]) { diff = 0xAA; } } if (diff == 0x55) { status = 0xAA; } else { status = 0x55;...

....com>> wrote: > Thank you all for taking a look at this. I pasted the C source then deleted it because I was afraid that it was too long to read... > > Here's the code of foo. Its real name is verifyPIN. The variable bar is userPin. > > int verifyPIN(char *userPin, char *cardPin, int *cpt) > { > int i; > int status; > int diff; > > if (*cpt > 0) { > status = 0x55; > diff = 0x55; > > for (i = 0; i < 4; i++) { > if (userPin[i] != cardPin[i]) { > diff = 0xAA; > } > } > > i...

As Adrian said, we'd need to see the source of foo() to assess what the location-list for bar ought to be. Without actually going to look, I would guess that 'poplt' is considered a conditional move, therefore r4's contents are not guaranteed after it executes (i.e. it is a clobber). If one operand of 'poplt' is 'pc' then of course it is also a conditional indirect