Memory leak for EMSGSIZE errors when writing to a BPF device

Matthew Dillon dillon at
Fri Jul 8 11:21:11 PDT 2005

:bpfwrite() does:
:	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
:	if (error)
:		return(error);
:	if (datlen > ifp->if_mtu)
:		return(EMSGSIZE);
:The mbuf chain pointed to by m isn't freed in that case.
:FreeBSD 5.x fixes this by passing the MTU as an argument to 
:bpf_movein(), and has bpf_movein() return EMSGSIZE before copying 
:anything if the data length is greater than the MTU.
:Current CVS NetBSD and OpenBSD free the mbuf chain before returning 

    I've added the m_freem().

					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>
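
The leak described in the quoted report, and the two fixes it mentions, as an added user-space model that is not part of the original message or of any BSD source tree. A fixed pool stands in for kernel mbufs; `movein_model`, `write_model`, `leaked_after`, the `mode` values, the pool size and the 256-byte chunking are all assumptions made for the illustration.

```c
#include <errno.h>
#include <string.h>

/* Constructed user-space model: a fixed pool stands in for kernel mbufs. */
#define POOL 64
struct mbuf { struct mbuf *m_next; int used; };
static struct mbuf pool[POOL];
static int live_mbufs;                 /* allocated and not yet freed */

static void m_freem_model(struct mbuf *m) {
    for (; m != NULL; m = m->m_next) { m->used = 0; live_mbufs--; }
}

/* Stand-in for bpf_movein(): chains one pool mbuf per 256 bytes of data. */
static int movein_model(size_t len, struct mbuf **mp) {
    size_t need = len / 256 + 1;
    *mp = NULL;
    for (int i = 0; i < POOL && need > 0; i++) {
        if (pool[i].used) continue;
        pool[i].used = 1; pool[i].m_next = *mp; *mp = &pool[i];
        live_mbufs++; need--;
    }
    if (need > 0) { m_freem_model(*mp); return ENOBUFS; }
    return 0;
}

/* Write path. mode 0: leaky return, 1: free before return, 2: check first. */
static int write_model(size_t len, size_t mtu, int mode) {
    struct mbuf *m;
    if (mode == 2 && len > mtu) return EMSGSIZE;  /* nothing allocated yet */
    int error = movein_model(len, &m);
    if (error) return error;
    if (len > mtu) {
        if (mode == 1) m_freem_model(m);          /* the added m_freem() */
        return EMSGSIZE;                          /* mode 0: chain is lost */
    }
    m_freem_model(m);   /* model only: the real path hands m to the driver */
    return 0;
}

/* Pool mbufs still held after n oversized (4000 > 1500) writes. */
static int leaked_after(int mode, int n) {
    memset(pool, 0, sizeof(pool));
    live_mbufs = 0;
    for (int i = 0; i < n; i++) write_model(4000, 1500, mode);
    return live_mbufs;
}

int main(void) { return leaked_after(1, 10); }  /* exit status 0: nothing held */
```

In this model the leaky return leaves the whole pool held after a few oversized writes, so a later write that fits the MTU fails with ENOBUFS.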
