Subject: Re: kern/36768: memory leek in ipcomp_output.c
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Wolfgang Stukenbrock <Wolfgang.Stukenbrock@nagler-company.com>
List: netbsd-bugs
Date: 08/10/2007 17:15:04
The following reply was made to PR kern/36768; it has been noted by GNATS.
From: Wolfgang Stukenbrock <Wolfgang.Stukenbrock@nagler-company.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/36768: memory leek in ipcomp_output.c
Date: Fri, 10 Aug 2007 19:10:59 +0200
Hi again,
just after submitting the bug report, I've found another bug in it!
If the ipcomp_output() is not able to compress the buffer, it just
returns 0 and the Buffer "m" ist still there.
(e.g. line 139, 161 or 174)
But the calling stub routines ipcomp4_output() and ipcomp6_output()
will free "m" and return 0.
So the caller cannot know it "m" is still valid on return or not.
This will blow up the mbuf subsystem !!!
W. Stukenbrock
gnats-admin@NetBSD.org wrote:
> Thank you very much for your problem report.
> It has the internal identification `kern/36768'.
> The individual assigned to look at your
> report is: kern-bug-people.
>
>
>>Category: kern
>>Responsible: kern-bug-people
>>Synopsis: memory leek in ipcomp_output.c
>>Arrival-Date: Fri Aug 10 17:00:00 +0000 2007
>>
>