Memory leak for EMSGSIZE errors when writing to a BPF device

Matthew Dillon dillon at apollo.backplane.com
Fri Jul 8 11:21:11 PDT 2005


:bpfwrite() does:
:
:	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
:	if (error)
:		return(error);
:
:	if (datlen > ifp->if_mtu)
:		return(EMSGSIZE);
:
:The mbuf chain pointed to by m isn't freed in that case.
:
:FreeBSD 5.x fixes this by passing the MTU as an argument to 
:bpf_movein(), and has bpf_movein() return EMSGSIZE before copying 
:anything if the data length is greater than the MTU.
:
:Current CVS NetBSD and OpenBSD free the mbuf chain before returning 
:EMSGSIZE.

    I've added the m_freem().

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>
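
Added example, not part of the original message and not DragonFly, FreeBSD, NetBSD or OpenBSD source: a userspace C model of the leak described in the report and of the two fixes it mentions (free the chain before returning, or check the MTU before copying). `struct mbuf`, `movein()`, the `write_*()` functions and the `live_mbufs` counter are constructed stand-ins assumed for illustration.

```c
/* Userspace model (constructed): stand-ins only, not the kernel's bpf code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
struct mbuf { struct mbuf *m_next; };
static int live_mbufs;                      /* mbufs allocated, not yet freed */
static void m_freem(struct mbuf *m) {       /* free a whole chain */
    while (m) { struct mbuf *n = m->m_next; free(m); live_mbufs--; m = n; }
}
/* Stand-in for bpf_movein(): mtu check first; SIZE_MAX disables the check. */
static int movein(size_t len, size_t mtu, struct mbuf **mp, size_t *datlen) {
    if (len > mtu) return EMSGSIZE;         /* nothing allocated yet */
    if ((*mp = calloc(1, sizeof(**mp))) == NULL) return ENOBUFS;
    live_mbufs++;
    *datlen = len;
    return 0;
}
/* Pattern from the report: the early return drops the only reference to m. */
int write_leaky(size_t len, size_t mtu) {
    struct mbuf *m = NULL; size_t datlen = 0;
    int error = movein(len, SIZE_MAX, &m, &datlen);
    if (error) return error;
    if (datlen > mtu) return EMSGSIZE;      /* m is leaked here */
    m_freem(m);                             /* models the send path consuming m */
    return 0;
}
/* Fix A (free the chain before returning EMSGSIZE). */
int write_free_first(size_t len, size_t mtu) {
    struct mbuf *m = NULL; size_t datlen = 0;
    int error = movein(len, SIZE_MAX, &m, &datlen);
    if (error) return error;
    if (datlen > mtu) { m_freem(m); return EMSGSIZE; }
    m_freem(m);
    return 0;
}
/* Fix B (pass the MTU down so the size is rejected before any copy). */
int write_check_first(size_t len, size_t mtu) {
    struct mbuf *m = NULL; size_t datlen = 0;
    int error = movein(len, mtu, &m, &datlen);
    if (error) return error;
    m_freem(m);
    return 0;
}
int main(void) {
    write_leaky(9000, 1500); write_free_first(9000, 1500);
    write_check_first(9000, 1500);
    printf("mbufs still allocated: %d (from write_leaky)\n", live_mbufs);
    return 0;
}
```

All three variants return EMSGSIZE for an oversized write; only the allocation counter distinguishes them, which is why this class of error-path leak tends to go unnoticed until repeated oversized writes exhaust mbufs.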