Re: [9fans] Kernel crash bug

2009-08-01 Thread Elizabeth Jones
On Sat, 1 Aug 2009, Russ Cox wrote:
> calling vmemchr assumes that the memory isn't being changed by some other proc mapping the same page. if you find the NUL in one pass and then call strcpy or strlen on the pointer later, the other proc might have pulled the NUL in the interim.

With you so f

[9fans] Kernel crash bug

2009-08-01 Thread Elizabeth Jones
There exist crash bugs in some of the system call handlers to do with string validation; sometimes, only the first byte of an argument string is validated. The following program reliably causes a kernel panic for me:

    #include
    #include
    #define SEGBASE (char*)0x4000
    #define SEGSIZE 4096
    i

Re: [9fans] Race condition in /sys/src/9/pc/trap.c?

2009-07-30 Thread Elizabeth Jones
On Thu, 30 Jul 2009, erik quanstrom wrote:
> On Thu Jul 30 00:05:45 EDT 2009, el...@andrew.cmu.edu wrote:
> > My familiarity with the kernel source code is superficial to say the least, but it seems to me that this code (from /sys/src/9/pc/trap.c) contains a race condition:
> > 702 if(sp<(USTK