Xref: utzoo comp.sys.ncr:344 comp.unix.wizards:22394
Path: utzoo!attcan!uunet!ncrlnk!adds!tanya
From: tanya@adds.newyork.NCR.COM (Tanya Katz)
Newsgroups: comp.sys.ncr,ncr.sys.unix,comp.unix.wizards
Subject: POLL(2) corrupts pollfd struct when nfds > NPOLLFILE
Keywords: UnixV.3 poll(2)
Message-ID: <1301@adds.newyork.NCR.COM>
Date: 1 Jun 90 17:02:47 GMT
Organization: Applied Digital Data Systems Hauppauge, NY
Lines: 30


Calling poll(2) with nfds > NPOLLFILE causes corruption of the pollfd 
structure at offsets > NPOLLFILE.

The O/S we are using is Unix v.3 Release 1.01 for the NCR Tower 32/700.

If nfds > NPOLLFILE, the kernel code loops through the pollfd array
in chunks of NPOLLFILE.  The problem arises when copyin() is called 
to copy user data into kernel space.

If nfds > NPOLLFILE the pointer to the user pollfd structure is never 
advanced and the copyin() routine always copies the same user data 
into the kernel structure.

When copyout() is called the user data, beginning with offsets > 
NPOLLFILE, is overwritten with the data from the beginning of the table.

Anyone have similar experiences?

-Tanya


#-------------------------------------------------#
| Tanya Katz                  (516) 231-5400 x430 |
|                                                 |
|	...uunet!ncrlnk!adds!tanya                |
| 	tanya.katz@adds.newyork.ncr.com           |
|                                                 |
| ADDS Inc, 100 Marcus Blvd, Hauppauge, NY 11788  |
#-------------------------------------------------#