Date: Tue, 6 Dec 2011 03:16:24 GMT From: Herbie Robinson <Herbie.Robinson@stratus.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/163089: Duplicate free in the error return for mld_v2_encap_report in mld6.c Message-ID: <201112060316.pB63GOjd045882@red.freebsd.org> Resent-Message-ID: <201112060320.pB63K9b1083197@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 163089
>Category: kern
>Synopsis: Duplicate free in the error return for mld_v2_encap_report in mld6.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 06 03:20:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Herbie Robinson
>Release: 8
>Organization:
Stratus Technologies
>Environment:
This is a port of the IPv6 code to a non-BSD operating system. I [think] I have checked the latest CVS and the problem is still there.
>Description:
All of this is in src/sys/netinet6/mld6.c
The call code is:
m0 = mld_v2_encap_report(ifp, m);
if (m0 == NULL) {
CTR2(KTR_MLD, "%s: dropped %p", __func__, m);
m_freem(m);
The function mld_v2_encap_report consumes the mbuf in all cases (normal and error return); so, this is duplicate. I haven't been working with the code long enough to know whether the coding philosophy would be to delete the free from the caller or the subroutine. I would be inclined to remove the duplicate free from the caller...
I left the priority as low because memory allocation failures are rare these days...
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201112060316.pB63GOjd045882>