Marc Schneider wrote:
>
> msgsnd seems to be corrupting memory around the msgbuf pointer.
>
> for example I have the following code:
>
> pMsgBuf = malloc(iPacketLen + 4 + 8);
> bzero(pMsgBuf, iPacketLen + 4 + 8);
> pMsgBuf += 4; /* Build a guard band */
>
> printf("PMQ:pMsgBuf: %p\n",pMsgBuf);
> printf("PMQ:-4: %p\n", *(pMsgBuf-4));
>
> rc = msgsnd(iMsgQueueID, pMsgBuf, iPacketLen, 0);
>
Two issues which may or may not directly address your problem. Quoting
the man page:
...The structure member mtype must have a
strictly positive integer value that can be used by the
receiving process for message selection (see the section
about msgrcv).
Here, your 'mtype', the long at the beginning of the message, is 0.
Secondly, the third parameter to msgsnd is the size of the data portion
of the message, not the 'packetlen.' Usually msgsnd is passed a
structure pointer, say a struct msgbuf *. In that case, msgsz is:
sizeof(struct msgbuf) - sizeof(long).
The first issue makes anything possible... The second is just a gotcha
to avoid.
David Mansfield
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
