From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Tue, 16 Sep 1997 13:39:52 -0500 From: G. David Butler gdb@dbSystems.com Subject: [9fans] Re: Bug in sysrendezvous? Topicbox-Message-UUID: 6619ab72-eac8-11e9-9e20-41e7f4b1d025 Message-ID: <19970916183952.QCcp2mXHT6C0G0pzbUh25pEaWYIhWwreCXPADegJGSw@z> From: Amos Shapir Date: Mon, 3 Jun 1996 09:59:36 -0400 > >The "tag" operand of rendezvous is defined as ulong; but in the >function sysrendezvous (in sysproc.c), it's copied into an int, which >is used as an index in a table by the REND macro. If I'm mistaken >correctly, this means that if the tag is negative, the resulting >pointer would point *outside* the table! > >I guess this bug was not discovered because the tag is usually an >address in user space, but nothing in the manual suggests it has to be >below 0x80000000 (or that it shouldn't be 0xdeadbeef...) > >Did anybody else had any trouble with this? Did you? I am now getting into the rendezvous stuff and looked back and found your mail. Did you do anything about this? If so, what? Perhaps just casting the value to a ulong before the hash calc will work? All that is really needed is the remainder. (positive of course.) change #define REND(p,s) ((p)->rendhash[(s)%RENDHASH]) to #define REND(p,s) ((p)->rendhash[(ulong)(s)%RENDHASH]) David Butler gdb@dbSystems.com