On Tue, Nov 08, 2016 at 11:01 +0100, Martin Pieuchot wrote:
> semarie exposed a bug in m_pullup(9) while testing my diff to
> automatically create lo(4) interfaces per rdomain.
>
> In the block below ``m'' is dereferenced without being previously set.
>
Indeed. My test coverage wasn't perfect...
> Is the diff below correct?
>
Most definitely. OK mikeb
> Index: kern/uipc_mbuf.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/uipc_mbuf.c,v
> retrieving revision 1.237
> diff -u -p -r1.237 uipc_mbuf.c
> --- kern/uipc_mbuf.c 27 Oct 2016 03:29:55 -0000 1.237
> +++ kern/uipc_mbuf.c 8 Nov 2016 09:57:06 -0000
> @@ -896,7 +896,7 @@ m_pullup(struct mbuf *n, int len)
> if (len > tail - mtod(n, caddr_t)) {
> /* need to memmove to make space at the end */
> memmove(head, mtod(n, caddr_t), n->m_len);
> - m->m_data = head;
> + n->m_data = head;
> }
>
> len -= n->m_len;
