On Wed, Apr 24, 2013 at 03:43:06AM +0800, Marek Lindner wrote:
> On Wednesday, April 24, 2013 03:30:04 Antonio Quartulli wrote:
> > On Wed, Apr 24, 2013 at 03:17:26AM +0800, Marek Lindner wrote:
> > > On Sunday, April 21, 2013 00:17:33 Martin Hundebøll wrote:
> > > > + /* Make room for the rest of the fragments. */
> > > > + if (pskb_expand_head(skb_out, 0, size - skb->len, GFP_ATOMIC) <
> > > > 0) {
> > > > + kfree_skb(skb_out);
> > > > + goto free;
> > > > + }
> > >
> > > If pskb_expand_head() really fails this function will lead to a crash
> > > because skb_out points to undefined memory.
> >
> > I'm not sure about this. pskb_expand_head() can only fail in the early
> > phase and in that case it seems to return the original skb as it was.
>
> I guess I did not make myself sufficiently clear: If pskb_expand_head() fails
> the skb is free'd with "kfree_skb(skb_out);" followed by a jump to "free"
> where the recently free'd buffer is returned ...
> Oh, ok. I misunderstood then. Sorry. Cheers, -- Antonio Quartulli ..each of us alone is worth nothing.. Ernesto "Che" Guevara
signature.asc
Description: Digital signature
