some unportable code in 4.3bsd tty driver
Ian Donaldson
rcodi at yabbie.rmit.oz
Thu Sep 22 03:38:09 AEST 1988
Files:
/usr/src/sys/sys/tty.c
O/S: 4.3bsd (vax release, but probably all)
Priority: low (unless of course it affects -you-)
Description:
The 4.3bsd tty driver contains some code that assumes that
a structure is contained within another structure, but there
are no physical bindings between the two structures.
ie: the code that handles the 4 ioctls: TIOCGETC, TIOCSETC,
TIOCGLTC, TIOCSLTC assume that the structure that they copy
in or out (ie: struct tchars or struct ltchars) aligns exactly
with a component of struct ttychars (ie: t_intrc or t_suspc,
respectively).
Whilst this probably will work on most byte addressable
machines, it is clearly unportable and a dangerous practise.
Implications:
somebody changes struct ttychars without knowing what
the kernel expects of the order/adjacency of components
and the kernel may fall over
Fix:
Easy. Copy each component to/from user space using individual
assignments rather than a single bcopy().
Either that, or make struct ttychars consist of struct tchars
and struct ltchars plus other goodies.
(well I would do the former, since all these extra structs
are really pointless and should be chucked out of the kernel anyway)
Ian Donaldson
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list