d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Catch a possible NULL pointer deref in case the offsets got mangled

Browse Source 
somehow.
As a consequence we may now get an unexpected result(*).
Catch that error cases with a well defined panic giving appropriate
pointers to ease debugging.

(*) While the concensus was that the case should never happen unless
    there was a bug, noone was definitively sure.

Discussed with:		kmacy (about 8 months back)
Reviewed by:		silby (as part of a larger patch in March)
MFC after:		2 months
This commit is contained in:
Bjoern A. Zeeb 2008-09-07 13:09:04 +00:00
parent c4982fae59
commit 6f4745d575
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=182842
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/kern/uipc_sockbuf.c
View File

@ -937,11 +937,13 @@ sbsndptr(struct sockbuf *sb, u_int off, u_int len, u_int *moff)
/* Advance by len to be as close as possible for the next transmit. */
for (off = off - sb->sb_sndptroff + len - 1;
off > 0 && off >= m->m_len;
off > 0 && m != NULL && off >= m->m_len;
m = m->m_next) {
sb->sb_sndptroff += m->m_len;
off -= m->m_len;
}
if (off > 0 && m == NULL)
panic("%s: sockbuf %p and mbuf %p clashing", __func__, sb, ret);
sb->sb_sndptr = m;
return (ret);