* Bug in sysrendezvous?
@ 1996-06-03 13:59 Amos
0 siblings, 0 replies; 2+ messages in thread
From: Amos @ 1996-06-03 13:59 UTC (permalink / raw)
The "tag" operand of rendezvous is defined as ulong; but in the
function sysrendezvous (in sysproc.c), it's copied into an int, which
is used as an index in a table by the REND macro. If I'm mistaken
correctly, this means that if the tag is negative, the resulting
pointer would point *outside* the table!
I guess this bug was not discovered because the tag is usually an
address in user space, but nothing in the manual suggests it has to be
below 0x80000000 (or that it shouldn't be 0xdeadbeef...)
Did anybody else had any trouble with this?
Amos Shapir Net: amos@cs.huji.ac.il
Paper: The Hebrew Univ. of Jerusalem, Dept. of Comp. Science.
Givat-Ram, Jerusalem 91904, Israel
GEO: 35 11 46 E / 31 46 21 N
^ permalink raw reply [flat|nested] 2+ messages in thread
* Bug in sysrendezvous?
@ 1996-06-03 16:56 philw
0 siblings, 0 replies; 2+ messages in thread
From: philw @ 1996-06-03 16:56 UTC (permalink / raw)
correct, stupid bug. the fix is to make the tag
unsigned.
long
sysrendezvous(ulong *arg)
{
Proc *p, **l;
ulong val, tag;
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~1996-06-03 16:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
1996-06-03 13:59 Bug in sysrendezvous? Amos
1996-06-03 16:56 philw
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).