0990c0a12c
so that it returns failure instead of crashing when "m->m_len" is executed and m == NULL. The mbuf ptr can be NULL when a call to xdrmbuf_getbytes() gets the bytes it needs, but they are at the end of a short RPC reply. When this happens, xdrmbuf_getbytes() returns success, but advances the mbuf ptr (xdrs->x_private) to m_next, which is NULL. If this is followed by a call to xdrmbuf_getlong(), it calls xdrmbuf_inline(), which would cause a crash by accessing "m->m_len". Tested by: pho, serenity at exscape dot org Approved by: re (rwatson), kib (mentor) |
||
|---|---|---|
| .. | ||
| xdr_array.c | ||
| xdr_mbuf.c | ||
| xdr_mem.c | ||
| xdr_reference.c | ||
| xdr_sizeof.c | ||
| xdr.c | ||