Bug with setjmp/longjmp on Vax
gwyn at brl-tgr.ARPA
Sat Jun 8 14:10:03 AEST 1985
> #include <setjmp.h>
>
> jmp_buf env;
> int mode;
>
> main(){
> 	foo();
> 	longjmp(env, 1);	/* foo() has already returned: its frame is gone */
> }
>
> foo(){
> 	mode = setjmp(env);	/* primes env in a frame that is about to return */
> 	if (mode != 0) magic();
> }
"If longjmp is called even though env was never primed by a call to
setjmp, or when the last such call was in a function which has since
returned, absolute chaos is guaranteed."
- System V Interface Definition
You see, foo()'s stack frame has been totally trashed after it
returned (e.g., arguments to longjmp were pushed onto the stack
at addresses that were formerly part of foo()'s stack frame), and
when the longjmp attempts to reactivate it, it no longer makes any
sense. Sometimes it may work by accident, but it WILL be an accident.
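For contrast, here is the pattern that the SVID wording does permit: setjmp() is called in a frame that is still live when the longjmp() fires, so control unwinds into an active frame rather than a dead one. This is an added example, not code from the original post or its author; fail(), do_work(), run_guarded() and guarded_double() are hypothetical names, and the error codes and the input limits in do_work() are made up for the demonstration. The code passed to fail() is carried in a volatile global rather than read back from setjmp()'s return value, since assigning that return value to a variable is not one of the uses the C standard guarantees.

```c
#include <setjmp.h>
#include <stdio.h>

/* Hypothetical example, not from the original post.
 * run_guarded() primes env and is still executing while its callees run,
 * so a longjmp() from any of them lands in a live frame.  The post's
 * version primes env in foo(), lets foo() return, and only then jumps. */
static jmp_buf env;

/* Error code carried across the jump.  volatile, because it is written
 * between the setjmp() and the longjmp() and read afterwards. */
static volatile int err_code;

/* Abort the current work; control resumes at the setjmp() in run_guarded(). */
static void fail(int code)
{
    err_code = code;
    longjmp(env, 1);
}

/* Worker that may bail out.  The checks are arbitrary, for illustration. */
static int do_work(int n)
{
    if (n < 0)
        fail(2);        /* negative input rejected */
    if (n > 1000)
        fail(3);        /* arbitrary upper bound for the demonstration */
    return n * 2;
}

/* Returns 0 and sets *result on success; returns the nonzero error code
 * if a callee called fail().  The setjmp() lives in this frame, which does
 * not return until do_work() has either finished or jumped back here.
 * Comparing setjmp() against a constant inside the if is one of the forms
 * the C standard explicitly allows. */
static int run_guarded(int n, int *result)
{
    if (setjmp(env) == 0) {     /* direct return: run the work */
        *result = do_work(n);
        return 0;
    }
    return err_code;            /* returned here via longjmp() from a callee */
}

/* Convenience wrapper: doubled value on success, negated error code on failure. */
int guarded_double(int n)
{
    int result = 0;
    int rc = run_guarded(n, &result);   /* result is only written on the success path */
    return rc == 0 ? result : -rc;
}

int main(void)
{
    printf("guarded_double(21)   = %d\n", guarded_double(21));
    printf("guarded_double(-1)   = %d\n", guarded_double(-1));
    printf("guarded_double(5000) = %d\n", guarded_double(5000));
    return 0;
}
```

The difference from the quoted program is purely one of frame lifetime: here every longjmp() happens while run_guarded(), the frame that called setjmp(), is still on the stack. Moving the setjmp() into a helper that returns before the longjmp() would reproduce the Vax failure the post describes, and on any other implementation would be the same undefined behaviour.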