Re: use after free in sys/net/if_gif.c (mailing.openbsd.tech, OpenBSD category)
On Tue, Apr 17, 2007 at 12:31:48PM -0400, Stefan Schmieta wrote:
> Revision 1.41 of sys/net/if_gif.c broke the gif-loop detection by
> introducing a use-after-free that causes a kernel panic if a loop is
> detected. Not sure if the patch below is the way to go, but it
> definitely makes the crash go away.
>

I like the following solution better.
--
:wq Claudio

Index: if_gif.c ================================================== ================= RCS file: /cvs/src/sys/net/if_gif.c,v retrieving revision 1.41 diff -u -p -r1.41 if_gif.c --- if_gif.c 22 Feb 2007 15:31:44 -0000 1.41 +++ if_gif.c 17 Apr 2007 17:07:28 -0000 @@ -196,9 +196,11 @@ gif_start(ifp) log(LOG_NOTICE, "gif_output: " "recursively called too many times\n"); m_freem(m); - continue; + break; } } + if (mtag) + continue; mtag = m_tag_get(PACKET_TAG_GIF, sizeof(caddr_t), M_NOWAIT); if (mtag == NULL) {
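
Review bot: The added `if (mtag) continue;` after the loop treats a non-NULL mtag as the sign that the `break` path ran and m was already passed to `m_freem(m)`; that only holds if the enclosing loop leaves mtag NULL when it ends without hitting the recursion limit, and the loop header is not in the hunk context. Worth a one-line comment above the test saying the packet has been freed at that point, and writing it as `if (mtag != NULL)` to match the `if (mtag == NULL)` check a few lines below.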