Fix for NULL pointer dereference with Count/Copy/Wipe ops on duff FS

Each of the 3 wildcard accepting OS_FSControl options takes its own copies of
the paths in Util_CommonStart then frees the PassedFilename (and co). This is
generally OK because the src name is kept in a 'copy block' struct relative
to R7 (and, for Copy, the dst in a second struct relative to R8).

However, when needing to get info on objects or other low level operations,
if the FS is marked in the 'DuffFS' table it would then do a safety check for
multiple $'s in the PassedFilename and in doing so dereferences a NULL pointer.

Ref https://www.riscosopen.org/forum/forums/4/topics/17259

Since the filenames constructed by resolving wildcards for Count/Copy/Wipe are
all sanitised by Process_WildPathname we can skip the safety check; there will
only be 1 $ by then.

FSUtils3.s: Correct misleading comment
LowLevel.s: Avoid NULL pointer dereference, drop noisy debug on every FS lookup

Version 2.89. Tagged as 'FileSwitch-2_89'

VersionASM

@@ -9,12 +9,12 @@
                         GBLS    Module_ApplicationDate
                         GBLS    Module_HelpVersion
                         GBLS    Module_ComponentName
-Module_MajorVersion     SETS    "2.88"
-Module_Version          SETA    288
+Module_MajorVersion     SETS    "2.89"
+Module_Version          SETA    289
 Module_MinorVersion     SETS    ""
-Module_Date             SETS    "08 Sep 2021"
-Module_ApplicationDate  SETS    "08-Sep-21"
+Module_Date             SETS    "24 Dec 2022"
+Module_ApplicationDate  SETS    "24-Dec-22"
 Module_ComponentName    SETS    "FileSwitch"
-Module_FullVersion      SETS    "2.88"
-Module_HelpVersion      SETS    "2.88 (08 Sep 2021)"
+Module_FullVersion      SETS    "2.89"
+Module_HelpVersion      SETS    "2.89 (24 Dec 2022)"
                         END

VersionNum

-/* (2.88)
+/* (2.89)
  *
  * This file is automatically maintained by srccommit, do not edit manually.
  *
  */
-#define Module_MajorVersion_CMHG        2.88
+#define Module_MajorVersion_CMHG        2.89
 #define Module_MinorVersion_CMHG
-#define Module_Date_CMHG                08 Sep 2021
+#define Module_Date_CMHG                24 Dec 2022
 
-#define Module_MajorVersion             "2.88"
-#define Module_Version                  288
+#define Module_MajorVersion             "2.89"
+#define Module_Version                  289
 #define Module_MinorVersion             ""
-#define Module_Date                     "08 Sep 2021"
+#define Module_Date                     "24 Dec 2022"
 
-#define Module_ApplicationDate          "08-Sep-21"
+#define Module_ApplicationDate          "24-Dec-22"
 
 #define Module_ComponentName            "FileSwitch"
 
-#define Module_FullVersion              "2.88"
-#define Module_HelpVersion              "2.88 (08 Sep 2021)"
-#define Module_LibraryVersionInfo       "2:88"
+#define Module_FullVersion              "2.89"
+#define Module_HelpVersion              "2.89 (24 Dec 2022)"
+#define Module_LibraryVersionInfo       "2:89"

s/FSUtils3

@@ -701,7 +701,7 @@ Util_FreeFileStrings_R7 Entry "r1-r2"
 
 Util_FreeFileStrings_R8 ALTENTRY
 
- [ debugcopy ; Not used by wipe
+ [ debugcopy ; Not used by wipe or count
  DLINE "Freeing r8 leaf,dir"
  ]
         MOV     r1, r8

s/LowLevel

@@ -488,24 +488,18 @@ SortSpecialForFSEntry EntryS "r1,r2"
 
         ; Check if FS is duff
         AND     r14, r14, #&ff
- [ debugdollarstrip
-        BREG    r14, "FS#:",cc
- ]
         ADR     r2, DuffFSTable
         LDRB    r2, [r2, r14, LSR #3]
- [ debugdollarstrip
-        BREG    r2, " mask byte:",cc
- ]
         AND     r14, r14, #7
         MOV     r2, r2, LSR r14
- [ debugdollarstrip
-        BREG    r2, " shifted:"
- ]
         TST     r2, #1
         EXITS   EQ
 
         ; FS is duff - check PassedFilename for absence of $
         LDR     r2, PassedFilename
+        TEQ     r2, #0          ; <=> was called from FSUtils[2|3] which junk the passed filename
+        BEQ     %FT50           ; after expanding wildcards, so we know r1 is a canonicalised path
+                                ; and is safe to strip regardless of PassedFilename
  [ debugdollarstrip
         DSTRING r2,"Filing system is duff, checking for $s:"
  ]
@@ -516,7 +510,7 @@ SortSpecialForFSEntry EntryS "r1,r2"
         EXITS   EQ
         TEQ     lr, #0
         BNE     %BT40
-
+50
         ; $-Strip now on
  [ debugdollarstrip
         DSTRING r1,"$-strip ",cc
@@ -578,7 +572,7 @@ SortSpecialForFSEntry EntryS "r1,r2"
 ; In    r1 = pointer to path tail
 ;       fscb^
 ;
-; Out   r1 string has $. stripped if appropriate
+; Out   r1 string has $. re-added if appropriate
 ;
 SortSpecialForFSExit EntryS "r1,r2,r3"
 
@@ -599,13 +593,16 @@ SortSpecialForFSExit EntryS "r1,r2,r3"
 
         ; FS is duff - check PassedFilename for presence of $
         LDR     r2, PassedFilename
+        TEQ     r2, #0          ; <=> was called from FSUtils[2|3] which junk the passed filename
+        BEQ     %FT08           ; after expanding wildcards, so we know r1 is a canonicalised path
+                                ; and is safe to unstrip regardless of PassedFilename
 05
         LDRB    lr, [r2], #1
         TEQ     lr, #"$"
         EXITS   EQ
         TEQ     lr, #0
         BNE     %BT05
-
+08
  [ debugdollarstrip
         DSTRING r1,"$-insert ",cc
  ]