From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 3 Jun 1996 09:59:36 -0400
From: Amos Shapir <amos@cs.huji.ac.il>
Subject: Bug in sysrendezvous?
Topicbox-Message-UUID: 46c757ec-eac8-11e9-9e20-41e7f4b1d025
Message-ID: <19960603135936.ZzxYZSowRs5aBKQxt_HPlbWLNZKCqhEjdyKKLc3utlw@z>

The "tag" operand of rendezvous is defined as ulong; but in the function
sysrendezvous (in sysproc.c), it's copied into an int, which is used as an
index in a table by the REND macro. If I'm mistaken correctly, this means
that if the tag is negative, the resulting pointer would point *outside*
the table!

I guess this bug was not discovered because the tag is usually an address
in user space, but nothing in the manual suggests it has to be below
0x80000000 (or that it shouldn't be 0xdeadbeef...)

Did anybody else have any trouble with this?

Amos Shapir
Net:   amos@cs.huji.ac.il
Paper: The Hebrew Univ. of Jerusalem, Dept. of Comp. Science.
       Givat-Ram, Jerusalem 91904, Israel
GEO:   35 11 46 E / 31 46 21 N
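The truncation the post describes, as an added illustration that is not code from the Plan 9 kernel or from the poster: the table size, the Rendez struct and the signed-remainder hash stand in for the real REND macro (whose definition the post does not show), and the tag is modelled as a 32-bit unsigned value.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical rendezvous table; NREND and the struct layout are assumptions. */
#define NREND 64
typedef struct Rendez { uint32_t tag; int waiting; } Rendez;
static Rendez rendtab[NREND];

/* Index computed the way the post describes the defect: the 32-bit ulong
 * tag is copied into an int and hashed with a signed remainder. Any tag
 * at or above 0x80000000 becomes negative, and so does the remainder. */
int rend_index_buggy(uint32_t tag)
{
    int t = (int)tag;       /* tag copied into an int: the bug */
    return t % NREND;       /* C truncates toward zero, so this is <= 0 for negative t */
}

/* Corrected form: the tag stays unsigned all the way to the index,
 * so the result is always within [0, NREND). */
int rend_index_fixed(uint32_t tag)
{
    return (int)(tag % NREND);
}

/* Defensive lookup: refuse to form a pointer from an out-of-range index
 * instead of silently addressing memory outside the table. */
Rendez *rend_lookup(uint32_t tag, int (*index)(uint32_t))
{
    int i = index(tag);
    if (i < 0 || i >= NREND)
        return NULL;
    return &rendtab[i];
}

int main(void)
{
    uint32_t tag = 0xdeadbeefu;   /* constructed tag from the post's example */
    printf("buggy index %d, fixed index %d\n",
           rend_index_buggy(tag), rend_index_fixed(tag));
    printf("buggy lookup %s\n",
           rend_lookup(tag, rend_index_buggy) ? "in table" : "rejected");
    return 0;
}
```

For tags below 0x80000000 both index functions agree, which is why an address-valued tag never exposed the defect.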