Memory leak for EMSGSIZE errors when writing to a BPF device
Matthew Dillon
dillon at apollo.backplane.com
Fri Jul 8 11:21:11 PDT 2005
:bpfwrite() does:
:
:    error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
:    if (error)
:        return(error);
:
:    if (datlen > ifp->if_mtu)
:        return(EMSGSIZE);
:
:The mbuf chain pointed to by m isn't freed in that case.
:
:FreeBSD 5.x fixes this by passing the MTU as an argument to
:bpf_movein(), and has bpf_movein() return EMSGSIZE before copying
:anything if the data length is greater than the MTU.
:
:Current CVS NetBSD and OpenBSD free the mbuf chain before returning
:EMSGSIZE.
I've added the m_freem().
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
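
The error path discussed in this message, as an added userland C model (not code from this thread or from any of the kernels it mentions): it reproduces the leaking early return and the two fixes described, freeing before returning EMSGSIZE and rejecting oversized data before anything is copied. `struct buf`, `movein()`, `output()`, `bpf_write_model()` and `live_bufs` are hypothetical stand-ins for the mbuf chain, `bpf_movein()`, the interface output routine and allocator accounting.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Userland model only: struct buf, movein() and live_bufs are hypothetical
 * stand-ins for the mbuf chain, bpf_movein() and allocator accounting. */
struct buf { size_t len; };
static int live_bufs;                 /* allocated and not yet freed */

static void buf_free(struct buf *b) { free(b); live_bufs--; }
static int output(struct buf *b) { buf_free(b); return 0; } /* consumes b */

/* Copy-in step. limit == 0 means no check; otherwise reject oversized
 * data before anything is allocated. */
static int movein(size_t len, size_t limit, struct buf **bp, size_t *datlen)
{
    if (limit != 0 && len > limit)
        return EMSGSIZE;
    struct buf *b = malloc(sizeof(*b));
    if (b == NULL)
        return ENOBUFS;
    b->len = *datlen = len;
    live_bufs++;
    *bp = b;
    return 0;
}

/* check_first: MTU passed into movein(). free_on_error: free before the
 * EMSGSIZE return. Both zero reproduces the reported leak. */
int bpf_write_model(size_t len, size_t mtu, int check_first, int free_on_error)
{
    struct buf *b;
    size_t datlen;
    int error = movein(len, check_first ? mtu : 0, &b, &datlen);
    if (error)
        return error;
    if (datlen > mtu) {
        if (free_on_error)
            buf_free(b);
        return EMSGSIZE;              /* without the free, b is lost here */
    }
    return output(b);
}

int live_buffers(void) { return live_bufs; }
```

All three variants return the same errno to the caller, so the leak is invisible from the return value; only the outstanding-buffer count distinguishes them.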