We'd have to determine where and when this memory gets freed, of course.
Michael McConville wrote:
> It seems pretty clear to me that what was here was wrong. A field of a
> global struct was pointed at a local array. The program logic was a
> little wacky, but this is my best estimate of what was intended.
> Input?
>
>
> Index: ping6.c
> ===================================================================
> RCS file: /cvs/src/sbin/ping6/ping6.c,v
> retrieving revision 1.112
> diff -u -p -r1.112 ping6.c
> --- ping6.c 1 Sep 2015 19:53:23 -0000 1.112
> +++ ping6.c 7 Sep 2015 19:44:15 -0000
> @@ -1056,7 +1056,10 @@ pinger(void)
> memset(&iov, 0, sizeof(iov));
> iov[0].iov_base = (caddr_t)outpack;
> iov[0].iov_len = cc;
> - smsghdr.msg_iov = iov;
> + smsghdr.msg_iov = calloc(1, sizeof(struct iovec));
> + if (smsghdr.msg_iov == NULL)
> + return(1);
> + *smsghdr.msg_iov = iov[0];
> smsghdr.msg_iovlen = 1;
>
> i = sendmsg(s, &smsghdr, 0);
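Review bot: The iovec allocated with calloc() for smsghdr.msg_iov has no matching free() anywhere in this hunk, and because the assignment overwrites the pointer on every pass through pinger(), each call leaves the previous allocation unreachable. sendmsg() no longer needs the iovec once it returns, so either call free(smsghdr.msg_iov) and set the field to NULL right after the sendmsg() line, or skip the heap and declare iov static so the global struct never points at expired stack storage. The return(1) on allocation failure also leaves without any diagnostic; a warn() or err() call at that point would make the failure visible.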