Date: Tue, 6 Dec 2011 03:16:24 GMT From: Herbie Robinson <Herbie.Robinson@stratus.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/163089: Duplicate free in the error return for mld_v2_encap_report in mld6.c Message-ID: <201112060316.pB63GOjd045882@red.freebsd.org> Resent-Message-ID: <201112060320.pB63K9b1083197@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 163089 >Category: kern >Synopsis: Duplicate free in the error return for mld_v2_encap_report in mld6.c >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Dec 06 03:20:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Herbie Robinson >Release: 8 >Organization: Stratus Technologies >Environment: This is a port of the IPv6 code to a non-BSD operating system. I [think] I have checked the latest CVS and the problem is still there. >Description: All of this is in src/sys/netinet6/mld6.c The call code is: m0 = mld_v2_encap_report(ifp, m); if (m0 == NULL) { CTR2(KTR_MLD, "%s: dropped %p", __func__, m); m_freem(m); The function mld_v2_encap_report consumes the mbuf in all cases (normal and error return); so, this is duplicate. I haven't been working with the code long enough to know whether the coding philosophy would be to delete the free from the caller or the subroutine. I would be inclined to remove the duplicate free from the caller... I left the priority as low because memory allocation failures are rare these days... >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201112060316.pB63GOjd045882>