|
Lines 836-848
Link Here
|
| 836 |
{ |
836 |
{ |
| 837 |
char *cp; |
837 |
char *cp; |
| 838 |
static struct msgbuf *oldp = NULL; |
838 |
static struct msgbuf *oldp = NULL; |
|
|
839 |
unsigned int msg_size; |
| 839 |
|
840 |
|
| 840 |
cp = (char *)ptr; |
841 |
cp = (char *)ptr; |
| 841 |
msgbufp = (struct msgbuf *) (cp + size - sizeof(*msgbufp)); |
842 |
msgbufp = (struct msgbuf *) (cp + size - sizeof(*msgbufp)); |
| 842 |
if (msgbufp->msg_magic != MSG_MAGIC || msgbufp->msg_ptr != cp) { |
843 |
msg_size = (char *)msgbufp - cp; |
|
|
844 |
if (msgbufp->msg_magic != MSG_MAGIC || msgbufp->msg_ptr != cp || |
| 845 |
msgbufp->msg_size != msg_size || msgbufp->msg_bufx >= msg_size || |
| 846 |
msgbufp->msg_bufr >= msg_size) { |
| 843 |
bzero(cp, size); |
847 |
bzero(cp, size); |
| 844 |
msgbufp->msg_magic = MSG_MAGIC; |
848 |
msgbufp->msg_magic = MSG_MAGIC; |
| 845 |
msgbufp->msg_size = (char *)msgbufp - cp; |
849 |
msgbufp->msg_size = msg_size; |
| 846 |
msgbufp->msg_ptr = cp; |
850 |
msgbufp->msg_ptr = cp; |
| 847 |
} |
851 |
} |
| 848 |
if (msgbufmapped && oldp != msgbufp) |
852 |
if (msgbufmapped && oldp != msgbufp) |