Ted Kremenek wrote :
>
> linux-2.5.69/net/irda/af_irda.c (lines 868-911)
> [BUG/LEAK, kfree_skb not called on error path]
Fixed in the mega "memory-leak" patch that I sent to Jeff a
few days ago :
http://marc.theaimsgroup.com/?l=linux-kernel&m=105286497718003&w=2
> linux-2.5.69/drivers/net/wireless/wavelan.c (lines 3012-3041)
> [BUG/LEAK: skb_padto may return new address. Note certain what
> the exact semantics are, but skb_padto returns possibly
> a new skb. It also may free the skb pointer passed to
> it, meaning the calling function may have a dangling reference.]
>
> printk(KERN_DEBUG "%s: ->wavelan_packet_xmit(0x%X)\n", dev->name,
> (unsigned) skb);
> #endif
>
> if (skb->len < ETH_ZLEN) {
> Start --->
> skb = skb_padto(skb, ETH_ZLEN);
>
> ... DELETED 23 lines ...
>
> printk(KERN_INFO "skb has next\n");
> #endif
>
> /* Write packet on the card */
> if(wv_packet_write(dev, skb->data, skb->len))
> Error --->
> return 1; /* We failed */
>
> dev_kfree_skb(skb);
This is very yucky. The memory leak is easy to fix, but the
dandling reference is *very* serious. And I don't see how to fix that
without either changing the behaviour of skb_padto or the semantic of
the xmit API.
Alan, would you mind thinking 2sec about this one ?
Thanks...
Jean
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri May 23 2003 - 22:00:50 EST