d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

In m_pulldown(), before trying to prepend bytes to the subsequent mbuf,

Browse Source 
ensure that the subsequent mbuf contains the remainder of the bytes
the caller sought. If this is not the case, fall through to the code
which gathers the bytes in a new mbuf.

This fixes a bug where m_pulldown() could fail to gather all the desired
bytes into consecutive memory.

PR:		238787
Reported by:	A reddit user
Discussed with:	emaste
Obtained from:	NetBSD
MFC after:	3 days
This commit is contained in:
Jonathan T. Looney 2019-08-09 05:18:59 +00:00
parent 3447ea90d7
commit afd959f332
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sys/kern/uipc_mbuf2.c
View File

@ -216,7 +216,7 @@ m_pulldown(struct mbuf *m, int off, int len, int *offp)
goto ok;
}
if ((off == 0 || offp) && M_LEADINGSPACE(n->m_next) >= hlen
&& writable) {
&& writable && n->m_next->m_len >= tlen) {
n->m_next->m_data -= hlen;
n->m_next->m_len += hlen;
bcopy(mtod(n, caddr_t) + off, mtod(n->m_next, caddr_t), hlen);