From mboxrd@z Thu Jan  1 00:00:00 1970
From: quanstro@labs.coraid.com (erik quanstrom)
Date: Tue, 29 Mar 2011 15:05:06 -0400
Subject: [9fans] problem with rminnich's 9vx
In-Reply-To: <93e7f16f74e02c457615970a0b22d7fd@terzarima.net>
References: <93e7f16f74e02c457615970a0b22d7fd@terzarima.net>
Message-ID: <f0c2709cec07d0b5d9859559cee4d03c@coraid.com>
Topicbox-Message-UUID: c365a944-ead6-11e9-9d60-3106f5b1d025

On Tue Mar 29 12:48:21 EDT 2011, forsyth at terzarima.net wrote:
> in fact, even 64k might be too big a value for the given buf if it's near the
> top of memory (eg, a local variable on a stack that's in high memory);
> the PowerPC reference in the original comment is misleading because that
> was just a particular system where the general problem appeared.

if that's the case, isn't this already a bug.  the stack doesn't go past
the end of memory, so how could sprint(buf, "x") not overwrite junk
past the end of the stack anyway?

also, since this is the kernel, you either get a 4k or a 4k - sizeof(Mach)
structure (depending on if up is set or not), so the maximum sprint
to something on the stack is always going to be < 4k.

- erik