search for: verifypin

...n Tuan Vu On Fri, Apr 27, 2018 at 7:29 PM, Son Tuan VU <sontuan.vu119 at gmail.com> wrote: > Thank you all for taking a look at this. I pasted the C source then > deleted it because I was afraid that it was too long to read... > > Here's the code of *foo*. Its real name is *verifyPIN*. The variable *bar* > is *userPin*. > > int *verifyPIN*(char **userPin*, char *cardPin, int *cpt) > { > int i; > int status; > int diff; > > if (*cpt > 0) { > status = 0x55; > diff = 0x55; > > for (i = 0; i < 4; i++) { > if...

Thank you all for taking a look at this. I pasted the C source then deleted it because I was afraid that it was too long to read... Here's the code of *foo*. Its real name is *verifyPIN*. The variable *bar* is *userPin*. int *verifyPIN*(char **userPin*, char *cardPin, int *cpt) { int i; int status; int diff; if (*cpt > 0) { status = 0x55; diff = 0x55; for (i = 0; i < 4; i++) { if (*userPin*[i] != cardPin[i]) { diff = 0xAA; } }...

...7:29 PM, Son Tuan VU <sontuan.vu119 at gmail.com <mailto:sontuan.vu119 at gmail.com>> wrote: > Thank you all for taking a look at this. I pasted the C source then deleted it because I was afraid that it was too long to read... > > Here's the code of foo. Its real name is verifyPIN. The variable bar is userPin. > > int verifyPIN(char *userPin, char *cardPin, int *cpt) > { > int i; > int status; > int diff; > > if (*cpt > 0) { > status = 0x55; > diff = 0x55; > > for (i = 0; i < 4; i++) { > if (userPin[i]...

As Adrian said, we'd need to see the source of foo() to assess what the location-list for bar ought to be. Without actually going to look, I would guess that 'poplt' is considered a conditional move, therefore r4's contents are not guaranteed after it executes (i.e. it is a clobber). If one operand of 'poplt' is 'pc' then of course it is also a conditional indirect