svn commit: r196538 - in stable/7/sys: . contrib/pf kern
Bjoern A. Zeeb
bz at FreeBSD.org
Tue Aug 25 12:32:16 UTC 2009
Author: bz
Date: Tue Aug 25 12:32:16 2009
New Revision: 196538
URL: http://svn.freebsd.org/changeset/base/196538
Log:
MFC r182842:
Catch a possible NULL pointer deref in case the offsets got mangled
somehow.
As a consequence we may now get an unexpected result(*).
Catch that error cases with a well defined panic giving appropriate
pointers to ease debugging.
(*) While the concensus was that the case should never happen unless
there was a bug, noone was definitively sure.
Modified:
stable/7/sys/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
stable/7/sys/kern/uipc_sockbuf.c
Modified: stable/7/sys/kern/uipc_sockbuf.c
==============================================================================
--- stable/7/sys/kern/uipc_sockbuf.c Tue Aug 25 11:44:17 2009 (r196537)
+++ stable/7/sys/kern/uipc_sockbuf.c Tue Aug 25 12:32:16 2009 (r196538)
@@ -930,11 +930,13 @@ sbsndptr(struct sockbuf *sb, u_int off,
/* Advance by len to be as close as possible for the next transmit. */
for (off = off - sb->sb_sndptroff + len - 1;
- off > 0 && off >= m->m_len;
+ off > 0 && m != NULL && off >= m->m_len;
m = m->m_next) {
sb->sb_sndptroff += m->m_len;
off -= m->m_len;
}
+ if (off > 0 && m == NULL)
+ panic("%s: sockbuf %p and mbuf %p clashing", __func__, sb, ret);
sb->sb_sndptr = m;
return (ret);
More information about the svn-src-all
mailing list