tech-kern archive


Double-Free in bwi(4)



Hi,
I was peacefully testing a new feature in my code scanner when it brought me
to sys/dev/ic/bwi.c for what turned out to be an internal bug in the parser.

But, actually, I found a double-free bug in bwi.c.

Can someone review/test it?

Thanks!


Index: bwi.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/bwi.c,v
retrieving revision 1.25
diff -u -r1.25 bwi.c
--- bwi.c	7 Jan 2015 07:05:48 -0000	1.25
+++ bwi.c	21 Mar 2015 06:50:09 -0000
@@ -9140,7 +9140,6 @@
 
 		MGETHDR(m_new, M_DONTWAIT, MT_DATA);
 		if (m_new == NULL) {
-			m_freem(m);
 			error = ENOBUFS;
 			aprint_error_dev(sc->sc_dev,
 			    "can't defrag TX buffer (1)\n");
@@ -9151,7 +9150,6 @@
 		if (m->m_pkthdr.len > MHLEN) {
 			MCLGET(m_new, M_DONTWAIT);
 			if (!(m_new->m_flags & M_EXT)) {
-				m_freem(m);
 				m_freem(m_new);
 				error = ENOBUFS;
 			}
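Review bot: In the `!(m_new->m_flags & M_EXT)` branch, `m_new` is still freed locally while `m` is now left to cleanup code outside the visible context, and that asymmetry deserves a short comment stating who owns `m` on failure. The branch also contains no exit of its own after `m_freem(m_new)` and `error = ENOBUFS`, so please verify that `error` is checked before `m_new` is touched again once control leaves the block. Unlike the first failure branch, this one logs nothing; an `aprint_error_dev` message here would keep the two paths consistent.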

