Xref: utzoo comp.bugs.sys5:450 comp.unix.wizards:8671
Path: utzoo!attcan!uunet!husc6!uwvax!oddjob!ncar!noao!arizona!wendt
From: wendt@arizona.edu (Alan Lee Wendt)
Newsgroups: comp.bugs.sys5,comp.unix.wizards
Subject: Venix-86 sbrk() wraps and dumps core.
Keywords: bug
Message-ID: <5555@megaron.arizona.edu>
Date: 20 May 88 20:17:37 GMT
Organization: U of Arizona CS Dept, Tucson
Lines: 54

Problem:   sbrk wraps the break, returning a low number.

Symptom:   Segmentation violations.  On my system attempts to backtrace
           the problem in the debugger crash the system.

System:    80286 Venix V Rev 2.2, but examine other Sys V in case it's
           generic.

Reproduce: Set the break to 65022 with a series of sbrk calls.  Then do
           sbrk(526).  My system will set the new break to 12.

Fix:       I added a jump on no-carry (jnb) around some code that sets
           the errno to ENOMEM and returns -1.  If the addition to get
           the new break wraps, it will set the carry and fall into the
           error case.  You'll need to disassemble brk.o in /lib/libc.
           The routine brk is also in brk.o but is not shown here
           because it doesn't need changes.  Apologies for the hard
           constants.

Fixer:     Alan Wendt

        .globl  _end
        .comm   _errno,2
        .data
        .even
_loc:   .word   _end
        .text
        .globl  _sbrk
_sbrk:  push    bp
        mov     bp,sp
        mov     bx,#17
        mov     ax,*4(bp)
        add     ax,_loc
        jnb     _try            *new
        mov     _errno,*12      *new
        mov     ax,*-1          *new
        j       _out1           *new
_try:                           *new
        int     241
        jcxz    _ok1
        mov     _errno,cx
        j       _out1
_ok1:   mov     bx,_loc
        mov     ax,bx
        add     bx,*4(bp)
        mov     _loc,bx
_out1:  pop     bp
        ret
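
Added example, not part of the original post or of Venix libc: a C model of the break arithmetic using the post's numbers (break at 65022, then sbrk(526)), comparing the truncating 16-bit add with a range-checked one. The struct and function names are hypothetical. The check here is done in 32-bit signed arithmetic rather than with the carry flag, so it goes beyond the post's case and also accepts valid negative increments, whose two's-complement form would itself carry out of a 16-bit add.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define SBRK16_FAIL 0xFFFFu   /* (char *)-1 as seen in a 16-bit address space */

/* Constructed model of a 16-bit data segment; brk plays the role of _loc. */
struct seg16 {
    uint16_t brk;   /* current break */
    int      err;   /* stands in for errno */
};

/* Unchecked: the sum is truncated to 16 bits, as in the bug report. */
uint16_t sbrk16_unchecked(struct seg16 *s, int16_t incr)
{
    uint16_t old = s->brk;
    s->brk = (uint16_t)(old + (uint16_t)incr);
    return old;
}

/* Checked: form the sum in 32 bits and refuse anything outside 0..65535. */
uint16_t sbrk16_checked(struct seg16 *s, int16_t incr)
{
    int32_t next = (int32_t)s->brk + incr;
    if (next < 0 || next > 0xFFFF) {
        s->err = ENOMEM;          /* break is left untouched on failure */
        return SBRK16_FAIL;
    }
    uint16_t old = s->brk;
    s->brk = (uint16_t)next;
    return old;
}

/* Replay the post's reproduction and report the resulting break. */
uint16_t demo_break_after(uint16_t (*fn)(struct seg16 *, int16_t), int *err_out)
{
    struct seg16 s = { 65022u, 0 };
    fn(&s, 526);
    if (err_out)
        *err_out = s.err;
    return s.brk;
}

int main(void)
{
    int err = 0;
    printf("unchecked break: %u\n", (unsigned)demo_break_after(sbrk16_unchecked, NULL));
    printf("checked break:   %u\n", (unsigned)demo_break_after(sbrk16_checked, &err));
    printf("checked errno is ENOMEM: %s\n", err == ENOMEM ? "yes" : "no");
    return 0;
}
```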