diff options
author | Jacques Vidrine <nectar@FreeBSD.org> | 2003-10-02 16:05:44 +0000 |
---|---|---|
committer | Jacques Vidrine <nectar@FreeBSD.org> | 2003-10-02 16:05:44 +0000 |
commit | a5f1daf898a1811f76e33d71c01e0df34cbba1e4 (patch) | |
tree | df77665e4771665dd9a1431a8e640abc524d2782 | |
parent | ca4b3740d34e2a336769548fc1b3cd884d1b3309 (diff) | |
download | src-a5f1daf898a1811f76e33d71c01e0df34cbba1e4.tar.gz src-a5f1daf898a1811f76e33d71c01e0df34cbba1e4.zip |
MFS 1.55.2.11: Correct a reference counting bug in readv(2).
Notes
Notes:
svn path=/releng/4.3/; revision=120668
-rw-r--r-- | UPDATING | 3 | ||||
-rw-r--r-- | sys/conf/newvers.sh | 2 | ||||
-rw-r--r-- | sys/kern/sys_generic.c | 12 |
3 files changed, 10 insertions, 7 deletions
@@ -16,6 +16,9 @@ minimal number of processes, if possible, for that patch. For those updates that don't have an advisory, or to be safe, you can do a full build and install as described in the COMMON ITEMS section. +20031002: p41 FreeBSD-SA-03:16.filedesc + Correct a reference counting bug in readv(2). + 20030924: p40 FreeBSD-SA-03:14.arp Updated fix for arplookup bug. diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 25b4f0a91851..ec664c24c70c 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -36,7 +36,7 @@ TYPE="FreeBSD" REVISION="4.3" -BRANCH="RELEASE-p40" +BRANCH="RELEASE-p41" RELEASE="${REVISION}-${BRANCH}" VERSION="${TYPE} ${RELEASE}" diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c index bcea567e51e0..bab39b55da35 100644 --- a/sys/kern/sys_generic.c +++ b/sys/kern/sys_generic.c @@ -231,7 +231,7 @@ readv(p, uap) register struct filedesc *fdp = p->p_fd; struct uio auio; register struct iovec *iov; - struct iovec *needfree; + struct iovec *needfree = NULL; struct iovec aiov[UIO_SMALLIOV]; long i, cnt, error = 0; u_int iovlen; @@ -245,14 +245,14 @@ readv(p, uap) /* note: can't use iovlen until iovcnt is validated */ iovlen = uap->iovcnt * sizeof (struct iovec); if (uap->iovcnt > UIO_SMALLIOV) { - if (uap->iovcnt > UIO_MAXIOV) - return (EINVAL); + if (uap->iovcnt > UIO_MAXIOV) { + error = EINVAL; + goto done; + } MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK); needfree = iov; - } else { + } else iov = aiov; - needfree = NULL; - } auio.uio_iov = iov; auio.uio_iovcnt = uap->iovcnt; auio.uio_rw = UIO_READ; |