[800] in testers
Re: top segvio
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Sun May 20 03:34:17 1990
Date: Sun, 20 May 90 03:33:41 -0400 (EDT)
From: John F Carr <jfc@ATHENA.MIT.EDU>
To: testers@MIT.EDU, cfields@ATHENA.MIT.EDU
In-Reply-To: <9005200441.AA19313@sloth.MIT.EDU>

I found the bug. The function getcmd() in
/source/athena/usr.athena/top/kernel.c can use a variable after falling
out of a loop because that variable went past the end of an array. Line
339 of this file ("*cp = 0") needs to be changed (possibly to "if(cp <
limit) *cp = 0; else *limit = 0;").
Writing a zero to the byte past the end of this array wrote a 0 into the
high order byte of the saved register 11, which is used as a pointer in
the calling function.
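
The off-by-one described in the message above, as an added example that is not the code from top's kernel.c and not part of the original message. It assumes `limit` points at the last valid byte of the array; the array size, the function names and the inputs are constructed, and a byte we own stands in for the saved-register byte so the stray write can be observed safely.

```c
#include <stddef.h>
#include <stdio.h>

#define ARRAY_LEN 8      /* constructed size; the real array's size is not given */
#define CANARY    0xAA   /* stands in for the saved-register byte after the array */

/* Pattern described in the message: cp can leave the loop at limit + 1. */
static size_t copy_unchecked(char *buf, char *limit, const char *src)
{
    char *cp = buf;
    while (*src != '\0' && cp <= limit)
        *cp++ = *src++;
    *cp = 0;                       /* one byte past the array if it was filled */
    return (size_t)(cp - buf);     /* offset where the terminator landed */
}

/* Same loop with the guard proposed in the message (limit = last valid byte). */
static size_t copy_checked(char *buf, char *limit, const char *src)
{
    char *cp = buf;
    while (*src != '\0' && cp <= limit)
        *cp++ = *src++;
    if (cp < limit)
        *cp = 0;
    else
        *(cp = limit) = 0;         /* clamp: truncate instead of overrunning */
    return (size_t)(cp - buf);
}

/* Copies into region[0..ARRAY_LEN-1]; region[ARRAY_LEN] is a neighbour byte
   inside our own object, so the overrun is defined behaviour here.
   Returns 1 if the neighbour byte is intact after the copy. */
static int neighbour_intact(int checked, const char *src, size_t *term_at)
{
    unsigned char region[ARRAY_LEN + 1];
    char *buf = (char *)region, *limit = buf + ARRAY_LEN - 1;
    region[ARRAY_LEN] = CANARY;
    *term_at = checked ? copy_checked(buf, limit, src)
                       : copy_unchecked(buf, limit, src);
    return region[ARRAY_LEN] == CANARY;
}

int main(void)
{
    size_t at;
    const char *fills = "12345678";   /* constructed input, exactly ARRAY_LEN bytes */
    printf("unchecked: intact=%d\n", neighbour_intact(0, fills, &at));
    printf("checked:   intact=%d\n", neighbour_intact(1, fills, &at));
    return 0;
}
```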