POLL(2) corrupts pollfd struct when nfds > NPOLLFILE
stephen.a.rago
sar0 at cbnewsl.att.com
Sun Jun 10 13:42:05 AEST 1990
In article <1300 at adds.newyork.NCR.COM>, tanya at adds.newyork.NCR.COM (Tanya Katz) writes:
>
> Calling poll(2) with nfds > NPOLLFILE causes corruption of the pollfd
> structure at offsets > NPOLLFILE.
> The O/S we are using is Unix v.3 Release 1.01 for the NCR Tower 32/700.
> If nfds > NPOLLFILE, the kernel code loops through the pollfd array
> in chunks of NPOLLFILE. The problem arises when copyin() is called
> to copy user data into kernel space.
> If nfds > NPOLLFILE the pointer to the user pollfd structure is never
> advanced and the copyin() routine always copies the same user data
> into the kernel structure.
> When copyout() is called the user data, beginning with offsets >
> NPOLLFILE, is overwritten with the data from the beginning of the table.
> Anyone have similar experiences?
Yeah, SVR3.2 fixes this problem.
Steve Rago
sar at attunix.att.com
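
The behaviour described in the quoted report, as an added example that is not part of the original thread and is not the SVR3 kernel source: a user-space C simulation of a chunked loop whose copyin() source either stays at the start of the user array (the reported bug) or advances together with the copyout() destination. NPOLLFILE = 4, struct pfd, and the sim_* helpers are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

#define NPOLLFILE 4                 /* assumed chunk size, small for the demo */
#define MAXFDS    (3 * NPOLLFILE)

struct pfd { int fd; short events; short revents; };

/* Stand-ins for the kernel's copyin()/copyout(); plain memcpy in user space. */
static void sim_copyin(const struct pfd *u, struct pfd *k, int n)  { memcpy(k, u, (size_t)n * sizeof *k); }
static void sim_copyout(const struct pfd *k, struct pfd *u, int n) { memcpy(u, k, (size_t)n * sizeof *u); }

/* Walk nfds entries in chunks of NPOLLFILE.
 * advance_src == 0 models the report: the copyin() source never moves,
 * while copyout() still writes to the advancing offset. */
static void chunked_poll(struct pfd *user, int nfds, int advance_src)
{
    struct pfd kbuf[NPOLLFILE];
    for (int done = 0; done < nfds; done += NPOLLFILE) {
        int n = nfds - done < NPOLLFILE ? nfds - done : NPOLLFILE;
        const struct pfd *src = advance_src ? user + done : user;
        sim_copyin(src, kbuf, n);
        for (int i = 0; i < n; i++)
            kbuf[i].revents = kbuf[i].events;   /* pretend every fd is ready */
        sim_copyout(kbuf, user + done, n);
    }
}

/* Fill a constructed array, run the loop, count entries whose fd changed. */
int corrupted_entries(int nfds, int advance_src)
{
    struct pfd user[MAXFDS];
    if (nfds > MAXFDS) nfds = MAXFDS;
    for (int i = 0; i < nfds; i++)
        user[i] = (struct pfd){ 100 + i, 1, 0 };
    chunked_poll(user, nfds, advance_src);
    int bad = 0;
    for (int i = 0; i < nfds; i++)
        if (user[i].fd != 100 + i) bad++;
    return bad;
}

int main(void)
{
    printf("source not advanced: %d corrupted\n", corrupted_entries(10, 0));
    printf("source advanced:     %d corrupted\n", corrupted_entries(10, 1));
    return 0;
}
```

Entries at index NPOLLFILE and above come back carrying the fd values from the start of the table only when the source pointer is not advanced; a caller with nfds <= NPOLLFILE never sees the problem.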