Hi,
I'm debugging 32-bit ioctls over a 64-bit LiS/kernel.
It works most of the time, but then it crashes due to memory corruption
in the lis_ioctl32_str() function.
The allocated memory, saved in the datap pointer:
datap = ALLOCF(par64.ic_len+32,"ioctl32 ");
may get corrupted after the sys_ioctl() call.
To catch the corruption, I have added guard-check calls before and after the sys_ioctl() call:
lis_check_guard(datap, "---- before sys_ioctl\n");
rc = sys_ioctl(fd,cmd,(unsigned long)&par64);
lis_check_guard(datap, "---- after sys_ioctl\n");
The '---- after sys_ioctl' guard check reports memory corruption.
I looked through sources but cannot find the bug.
It seems the memory pointed to by datap is memcpy'd into a STREAMS message
in lis_strioctl/lis_strdoioctl later on and should be unaffected by further processing
in the underlying drivers.
Or am I missing something here?
--
Eugene
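The guard-zone technique used above (an allocation padded with extra bytes, checked before and after a suspect call) can be reproduced in user space. The following is an added example, not LiS code and not from the message above: guard_alloc()/guard_check() are hypothetical stand-ins for ALLOCF()/lis_check_guard(), and the two "ioctl" callees are constructed, one writing exactly ic_len bytes and one overrunning by four, so the post-call check fires and names which red zone was hit.

```c
/* Added example (not LiS code): guard-zone allocation and checking.
 * guard_alloc()/guard_check() are hypothetical stand-ins for the
 * ALLOCF()/lis_check_guard() pair mentioned in the post. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_BYTES 16      /* red zone on each side of the payload */
#define GUARD_FILL  0xA5    /* canary pattern written into both red zones */

/* Layout in memory: [len][low guard][payload of len bytes][high guard] */
struct guarded {
    size_t len;
    unsigned char data[];   /* low guard, payload, high guard */
};

/* Header lives GUARD_BYTES + offsetof(data) before the payload pointer. */
static struct guarded *guard_hdr(void *payload)
{
    return (struct guarded *)((unsigned char *)payload
                              - GUARD_BYTES - offsetof(struct guarded, data));
}

/* Allocate len payload bytes surrounded by two canary-filled red zones. */
static void *guard_alloc(size_t len)
{
    struct guarded *g = malloc(sizeof *g + GUARD_BYTES + len + GUARD_BYTES);
    if (!g)
        return NULL;
    g->len = len;
    memset(g->data, GUARD_FILL, GUARD_BYTES);                 /* low guard  */
    memset(g->data + GUARD_BYTES, 0, len);                    /* payload    */
    memset(g->data + GUARD_BYTES + len, GUARD_FILL, GUARD_BYTES); /* high guard */
    return g->data + GUARD_BYTES;
}

/* Return 0 if both red zones are intact; bit 1 = low guard hit,
 * bit 2 = high guard hit.  Prints the tag when corruption is found. */
static int guard_check(void *payload, const char *tag)
{
    struct guarded *g = guard_hdr(payload);
    unsigned char *lo = g->data;
    unsigned char *hi = g->data + GUARD_BYTES + g->len;
    int mask = 0;
    for (size_t i = 0; i < GUARD_BYTES; i++) {
        if (lo[i] != GUARD_FILL) mask |= 1;
        if (hi[i] != GUARD_FILL) mask |= 2;
    }
    if (mask)
        fprintf(stderr, "%s guard corrupted (mask %d, len %zu)\n",
                tag, mask, g->len);
    return mask;
}

static void guard_free(void *payload)
{
    free(guard_hdr(payload));
}

/* Constructed callee: stays within ic_len, as a correct ioctl path would. */
static void well_behaved_ioctl(void *buf, size_t ic_len)
{
    memset(buf, 0x11, ic_len);
}

/* Constructed callee: overruns by 4 bytes, a stand-in for whatever
 * clobbers datap in the real bug (the actual cause is not known here). */
static void overrunning_ioctl(void *buf, size_t ic_len)
{
    memset(buf, 0x22, ic_len + 4);
}

/* Run the before/after pattern from the post against both callees and
 * return the mask reported after the overrunning call (expected 2). */
static int demo_detects_overrun(size_t ic_len)
{
    void *datap = guard_alloc(ic_len);
    int before, after_ok, after_bad;
    if (!datap)
        return -1;
    before    = guard_check(datap, "---- before ioctl");
    well_behaved_ioctl(datap, ic_len);
    after_ok  = guard_check(datap, "---- after well-behaved ioctl");
    overrunning_ioctl(datap, ic_len);
    after_bad = guard_check(datap, "---- after overrunning ioctl");
    guard_free(datap);
    /* Only the final check should fire, and only on the high guard. */
    return (before == 0 && after_ok == 0) ? after_bad : -1;
}

int main(void)
{
    int mask = demo_detects_overrun(32);
    printf("overrun detected, mask=%d\n", mask);
    return mask == 2 ? 0 : 1;
}
```

Because the check reports which red zone changed, a mask of 2 points at a write past the end of the payload (an ic_len/size mismatch is the usual suspect), while a mask of 1 points at something writing before the buffer start, such as a stale pointer into an earlier allocation. Comparing the first corrupted byte's offset against ic_len narrows it further.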
