Re: infinite recursion in m_split()

To: YAMAMOTO Takashi <yamt%mwd.biglobe.ne.jp@localhost>
Subject: Re: infinite recursion in m_split()
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Fri, 3 Apr 2009 10:15:08 +0200

On Fri, Apr 03, 2009 at 01:22:30AM +0000, YAMAMOTO Takashi wrote:
> > Documentatio doesn't mention that calling m_split() with a 0 len0 is 
> > invalid.
> > My fix is to check for (len0 == 0) in m_split() and return m0 in this case.
> > Is it OK ?
> 
> the fix seems wrong because the caller of m_split will keep a reference to
> the original m0 as well and it will be double-freed eventually.
> i think it's more straightforward to fix nfsrv_getstream.

Right, it appeared to me this morning (sleep gives good things sometimes :)
The obvious place to fix it is indeed nfsrv_getstream() and add a KASSERT
in m_split() (and update the documentation).

To bring the implementation in sync with the documentation we would need to
return a copy of m0 in this case, but this may be overkill. It's better
to let the caller deal with it.

-- 
Manuel Bouyer, LIP6, Universite Paris VI.           
Manuel.Bouyer%lip6.fr@localhost
     NetBSD: 26 ans d'experience feront toujours la difference
--

Follow-Ups:
- Re: infinite recursion in m_split()
  - From: Manuel Bouyer

References:
- infinite recursion in m_split()
  - From: Manuel Bouyer
- Re: infinite recursion in m_split()
  - From: YAMAMOTO Takashi

Prev by Date: Re: infinite recursion in m_split()
Next by Date: Re: panic: sbdrop
Previous by Thread: Re: infinite recursion in m_split()
Next by Thread: Re: infinite recursion in m_split()
Indexes:

Home | Main Index | Thread Index | Old Index