CVS commit: src/sys/kern

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/kern
From: "Maxime Villard" <maxv%netbsd.org@localhost>
Date: Sun, 7 Jun 2020 15:19:05 +0000

Module Name:    src
Committed By:   maxv
Date:           Sun Jun  7 15:19:05 UTC 2020

Modified Files:
        src/sys/kern: uipc_socket.c

Log Message:
Fix bohr bug triggered only once by syzkaller 2,5 months ago.

In sockopt_alloc(), 'sopt' may already have been initialized with
'sopt->sopt_data = sopt->sopt_buf'. If the allocation fails, we
end up with 'sopt->sopt_data = NULL', and later try to free this
NULL pointer in sockopt_destroy().

Fix that by not modifying 'sopt_data' if the allocation failed.

Difficult to reproduce in normal times, but fault(4) makes it
easy.

Reported-by: syzbot+380cb5d518742f063ad2%syzkaller.appspotmail.com@localhost


To generate a diff of this commit:
cvs rdiff -u -r1.289 -r1.290 src/sys/kern/uipc_socket.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src/distrib/sets/lists/comp
Next by Date: CVS commit: src/games/fortune/datfiles
Previous by Thread: CVS commit: src/distrib/sets/lists/comp
Next by Thread: CVS commit: src/games/fortune/datfiles
Indexes:

Home | Main Index | Thread Index | Old Index