SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-18-2008, 09:20 AM
| ||||
| ||||
 use after free in sys/net/if_gif.c Revision 1.41 of sys/net/if_gif.c broke the gif-loop detection by introducing a use-after-free that causes a kernel panic if a loop is detected. Not sure if the patch below is the way to go, but it definitely makes the crash go away. Best, Stefan --- if_gif.c 22 Feb 2007 15:31:44 -0000 1.41 +++ if_gif.c 17 Apr 2007 16:13:47 -0000 @@ -189,21 +189,21 @@ gif_start(ifp) * We'll prevent this by detecting loops. */ for (mtag = m_tag_find(m, PACKET_TAG_GIF, NULL); mtag; mtag = m_tag_find(m, PACKET_TAG_GIF, mtag)) { if (!bcmp((caddr_t)(mtag + 1), &ifp, sizeof(struct ifnet *))) { IF_DROP(&ifp->if_snd); log(LOG_NOTICE, "gif_output: " "recursively called too many times\n"); m_freem(m); - continue; + return; } } mtag = m_tag_get(PACKET_TAG_GIF, sizeof(caddr_t), M_NOWAIT); if (mtag == NULL) { m_freem(m); break; } bcopy(&ifp, mtag + 1, sizeof(caddr_t)); m_tag_prepend(m, mtag);      |
 |
« Re: caps-lock / control key swap weirdness (adb keyboard)
|
Re: use after free in sys/net/if_gif.c »
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT. The time now is 09:48 AM.
