Subject: Re: kern/32928: bpf filter can fail to extract a 32-bit quantity
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
List: netbsd-bugs
Date: 02/25/2006 13:45:02
The following reply was made to PR kern/32928; it has been noted by GNATS.

From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
To: Rui Paulo <rpaulo@fnop.net>
Cc: gnats-bugs@netbsd.org
Subject: Re: kern/32928: bpf filter can fail to extract a 32-bit quantity
Date: Sat, 25 Feb 2006 14:42:50 +0100

 On Sat, Feb 25, 2006 at 12:51:33PM +0000, Rui Paulo wrote:
 > --- bpf_filter.c.~1.29.~	2006-02-10 20:08:13.000000000 +0000
 > +++ bpf_filter.c	2006-02-25 12:51:07.000000000 +0000
 > @@ -98,9 +98,13 @@ m_xword(struct mbuf *m, uint32_t k, int 
 >  		*err = 0;
 >  		return EXTRACT_LONG(cp);
 >  	}
 > -	m0 = m->m_next;
 > -	if (m0 == 0 || m0->m_len + len - k < 4)
 > -		goto bad;
 > +
 > +	for (m0 = m->m_next; ; m0 = m0->next) {
 > +		if (m0 == 0)
 > +			goto bad;
 > +		if (m0->m_len + len - k >= 4)
 > +			break;
 > +	}
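Review bot: the loop header in this hunk writes `m0 = m0->next`, but the mbuf link field is `m_next` (the removed line and the loop's own initializer both use `m->m_next`), so this will not compile as posted. The larger problem is the loop body: it steps past every mbuf whose `m_len + len - k` is below 4 without consuming their bytes, and `len` and `k` still describe the first mbuf, so the word is eventually taken from a later mbuf at an offset computed for the original one instead of being assembled from the tail of the short mbuf(s) plus the head of the next. If the goal is to handle a 32-bit value split across more than two mbufs, the extraction needs to copy the remaining bytes of each mbuf in turn (tracking how many of the 4 bytes are still outstanding) rather than searching for one mbuf that holds 4 bytes on its own.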
 
 Sorry, I don't see how this is supposed to work. This would skip the short
 mbuf(s) and read different data than it is supposed to.
 
 BTW I'm planning to reorganize this code a bit... I just wanted to know if
 this is an actual bug and if calling m_xhalf twice would be OK.