• MorphOS Developer
    Piru
    Posts: 576 from 2003/2/24
    From: finland, the l...
    Quote:

    Strange it seemed to work on AROS & OS3

    Not that strange really. If the MsgPort mp_MsgList is initialized as all zeros, the result will be that address 0 will be used as temporary storage:

    1. When the exec IO call finishes, the iorequest will be ReplyMsg()d.
    2. ReplyMsg() PutMsg()s the message to the message's mn_ReplyPort (ln_Type is also changed to NT_REPLYMSG).
    3. PutMsg() AddTail()s the message node to the port's mp_MsgList.
    …now it gets interesting…

    Let's assume that the mp_MsgList has been initialized as all zero (as was the case with your buggy code). Here is what happens at AddTail():
    Code:

    // AddTail(l, n) with l->lh_TailPred still zero from the missing NewList()
    struct Node *oldpredn = l->lh_TailPred;    // 0
    n->ln_Succ = (struct Node *) &l->lh_Tail;
    n->ln_Pred = oldpredn;                     // 0
    oldpredn->ln_Succ = n;                     // write to address 0
    l->lh_TailPred = n;

    So address 0 will be written to. If you're not running Enforcer or similar, no exception will be thrown.

    4. Finally when processing the reply, eventually the message will be removed from the list. Usually this happens by RemHead() call. This is what happens:
    Code:

    // RemHead(l) with l->lh_Head still zero
    struct Node *rn = l->lh_Head->ln_Succ;     // read from address 0, contains the n from the earlier AddTail!
    if (rn)
    {
        l->lh_Head = rn->ln_Succ;
        l->lh_Head->ln_Pred = (struct Node *) &l->lh_Head;
    }

    So this works, assuming you're not running Enforcer and address 0 is writable. Also this depends on this being the only buggy application writing to address 0 (if something else writes there, a bogus value is returned at RemHead).

    I hope this explains why it appeared to "work".
  • »26.10.11 - 20:02
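An added example, not from Piru's post or from the MorphOS/AROS exec sources: a stand-alone C model of the exec list with NewList(), the AddTail()/RemHead() steps the post walks through, and a hypothetical list_initialized() check that tells an all-zero mp_MsgList apart from a properly empty one. The struct layouts are simplified assumptions (the real headers carry more fields), and NewList/AddTail/RemHead are re-implementations of the logic shown above, not the library's own code.

```c
#include <string.h>

/* Simplified exec Node/List (assumed; real headers add ln_Type, ln_Pri, ln_Name, lh_Type). */
struct Node { struct Node *ln_Succ; struct Node *ln_Pred; };
struct List { struct Node *lh_Head; struct Node *lh_Tail; struct Node *lh_TailPred; };
/* NEWLIST(): the step the buggy code skipped; lh_Tail stays NULL and is shared by both sentinels. */
static void NewList(struct List *l)
{
    l->lh_Head = (struct Node *)&l->lh_Tail;
    l->lh_Tail = NULL;
    l->lh_TailPred = (struct Node *)&l->lh_Head;
}
/* AddTail() as in the post; on an all-zero list oldpredn is NULL and the store hits address 0. */
static void AddTail(struct List *l, struct Node *n)
{
    struct Node *oldpredn = l->lh_TailPred;
    n->ln_Succ = (struct Node *)&l->lh_Tail;
    n->ln_Pred = oldpredn;
    oldpredn->ln_Succ = n;
    l->lh_TailPred = n;
}
/* RemHead(): unlink and return the first node, NULL if the list is empty. */
static struct Node *RemHead(struct List *l)
{
    struct Node *n = l->lh_Head, *succ = n->ln_Succ;
    if (succ == NULL) return NULL;              /* n is the tail sentinel */
    l->lh_Head = succ;
    succ->ln_Pred = (struct Node *)&l->lh_Head;
    return n;
}
/* Hypothetical helper: tells a NewList()ed list (empty or not) from an all-zero one, so a
 * hand-built MsgPort can be checked before exec ever AddTail()s a reply to its mp_MsgList. */
static int list_initialized(const struct List *l)
{
    if (l->lh_Tail != NULL || l->lh_Head == NULL || l->lh_TailPred == NULL) return 0;
    return l->lh_Head->ln_Pred == (const struct Node *)&l->lh_Head
        && l->lh_TailPred->ln_Succ == (const struct Node *)&l->lh_Tail;
}
/* Round trip: the zeroed list fails the check, the initialised one behaves as expected. */
static int check_roundtrip(void)
{
    struct List l; struct Node a, b;
    memset(&l, 0, sizeof l);                    /* the buggy "initialisation" */
    if (list_initialized(&l)) return 0;
    NewList(&l);
    if (!list_initialized(&l) || RemHead(&l) != NULL) return 0;
    AddTail(&l, &a); AddTail(&l, &b);
    if (RemHead(&l) != &a || RemHead(&l) != &b || RemHead(&l) != NULL) return 0;
    return list_initialized(&l);
}
```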