svn commit: r363682 - head/sys/kern
Mark Johnston
markj at FreeBSD.org
Thu Jul 30 00:52:37 UTC 2020
Author: markj
Date: Thu Jul 30 00:52:37 2020
New Revision: 363682
URL: https://svnweb.freebsd.org/changeset/base/363682
Log:
Fix a logic error in uipc_ready_scan().
When processing the last record in a socket buffer, take care to avoid a
NULL pointer dereference when advancing the record iterator.
Reported by: syzbot+6a689cc9c27bd265237a at syzkaller.appspotmail.com
Fixes: r359778
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Modified:
head/sys/kern/uipc_usrreq.c
Modified: head/sys/kern/uipc_usrreq.c
==============================================================================
--- head/sys/kern/uipc_usrreq.c Wed Jul 29 23:59:35 2020 (r363681)
+++ head/sys/kern/uipc_usrreq.c Thu Jul 30 00:52:37 2020 (r363682)
@@ -1279,7 +1279,8 @@ uipc_ready_scan(struct socket *so, struct mbuf *m, int
mb = mb->m_next;
if (mb == NULL) {
mb = n;
- n = mb->m_nextpkt;
+ if (mb != NULL)
+ n = mb->m_nextpkt;
}
}
}
More information about the svn-src-head
mailing list