From owner-freebsd-net Tue Aug 7 18: 7: 7 2001 Delivered-To: freebsd-net@freebsd.org Received: from mail.viasoft.com.cn (unknown [61.153.1.177]) by hub.freebsd.org (Postfix) with ESMTP id ACF8F37B401 for ; Tue, 7 Aug 2001 18:06:59 -0700 (PDT) (envelope-from bsddiy@163.net) Received: from William ([192.168.1.98]) by mail.viasoft.com.cn (8.9.3/8.9.3) with SMTP id JAA06477; Wed, 8 Aug 2001 09:09:33 +0800 Message-ID: <001601c11fa6$0d4ce560$6201a8c0@William> From: "David Xu" To: , References: Subject: Re: possible duplicated free in kernel Date: Wed, 8 Aug 2001 09:04:18 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Why don't you report it via PR? I suspect most patches will be lost in = this mailling list. -- David Xu ----- Original Message -----=20 From: )> To: Sent: Tuesday, August 07, 2001 8:44 PM Subject: possible duplicated free in kernel > (Probably I have to make a PR...,) >=20 > The latest RELNEG_4 version (rev. 1.7.2.4) of sys/netinet6/raw_ip6.c > has the following code fragment: >=20 > rip6_output() > .. > freectl: > if (optp =3D=3D &opt && optp->ip6po_rthdr && optp->ip6po_route.ro_rt) > RTFREE(optp->ip6po_route.ro_rt); > if (control) { > if (optp =3D=3D &opt) > ip6_clearpktopts(optp, 0, -1); >=20 > Thus, it can call RTFREE inside the function. However, > ip6_clearpktopts(defined in netinet6/ip6_output.c) also calls RTFREE: >=20 > ip6_clearpktopts() > .. > if (pktopt->ip6po_route.ro_rt) { > RTFREE(pktopt->ip6po_route.ro_rt); > pktopt->ip6po_route.ro_rt =3D NULL; > } >=20 > Consequently, optp->ip6po_route.ro_rt can be freed two times, > unexpectedly. >=20 > Here is a patch to fix the problem. Please review it, and merge it > to the repository (hopefully before 4.4-RELEASE.) if acceptable. >=20 > Thanks, >=20 > JINMEI, Tatuya > Communication Platform Lab. > Corporate R&D Center, Toshiba Corp. > jinmei@isl.rdc.toshiba.co.jp >=20 >=20 > *** raw_ip6.c.orig Tue Aug 7 21:42:30 2001 > --- raw_ip6.c Tue Aug 7 21:42:36 2001 > *************** > *** 472,479 **** > m_freem(m); > =20 > freectl: > - if (optp =3D=3D &opt && optp->ip6po_rthdr && = optp->ip6po_route.ro_rt) > - RTFREE(optp->ip6po_route.ro_rt); > if (control) { > if (optp =3D=3D &opt) > ip6_clearpktopts(optp, 0, -1); > --- 472,477 ---- >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message