mirror of
https://git.FreeBSD.org/src.git
synced 2025-01-02 12:20:51 +00:00
Catch a possible NULL pointer deref in case the offsets got mangled
somehow. As a consequence we may now get an unexpected result(*). Catch that error cases with a well defined panic giving appropriate pointers to ease debugging. (*) While the concensus was that the case should never happen unless there was a bug, noone was definitively sure. Discussed with: kmacy (about 8 months back) Reviewed by: silby (as part of a larger patch in March) MFC after: 2 months
This commit is contained in:
parent
c4982fae59
commit
6f4745d575
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=182842
@ -937,11 +937,13 @@ sbsndptr(struct sockbuf *sb, u_int off, u_int len, u_int *moff)
|
||||
|
||||
/* Advance by len to be as close as possible for the next transmit. */
|
||||
for (off = off - sb->sb_sndptroff + len - 1;
|
||||
off > 0 && off >= m->m_len;
|
||||
off > 0 && m != NULL && off >= m->m_len;
|
||||
m = m->m_next) {
|
||||
sb->sb_sndptroff += m->m_len;
|
||||
off -= m->m_len;
|
||||
}
|
||||
if (off > 0 && m == NULL)
|
||||
panic("%s: sockbuf %p and mbuf %p clashing", __func__, sb, ret);
|
||||
sb->sb_sndptr = m;
|
||||
|
||||
return (ret);
|
||||
|
Loading…
Reference in New Issue
Block a user