Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 16 Jul 2016 12:25:37 +0000 (UTC)
From:      Michael Tuexen <tuexen@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r302935 - head/sys/netinet
Message-ID:  <201607161225.u6GCPb5g066470@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: tuexen
Date: Sat Jul 16 12:25:37 2016
New Revision: 302935
URL: https://svnweb.freebsd.org/changeset/base/302935

Log:
  Deal with a portential memory allocation failure, which was reported
  by the clang static code analyzer.
  Joint work with rrs@.
  
  MFC after:	3 days

Modified:
  head/sys/netinet/sctp_indata.c

Modified: head/sys/netinet/sctp_indata.c
==============================================================================
--- head/sys/netinet/sctp_indata.c	Sat Jul 16 10:50:28 2016	(r302934)
+++ head/sys/netinet/sctp_indata.c	Sat Jul 16 12:25:37 2016	(r302935)
@@ -753,7 +753,7 @@ sctp_handle_old_data(struct sctp_tcb *st
 	 */
 	struct sctp_tmit_chunk *chk, *lchk, *tchk;
 	uint32_t fsn;
-	struct sctp_queued_to_read *nc = NULL;
+	struct sctp_queued_to_read *nc;
 	int cnt_added;
 
 	if (control->first_frag_seen == 0) {
@@ -768,6 +768,11 @@ restart:
 	TAILQ_FOREACH_SAFE(chk, &control->reasm, sctp_next, lchk) {
 		if (chk->rec.data.fsn_num == fsn) {
 			/* Ok lets add it */
+			sctp_alloc_a_readq(stcb, nc);
+			if (nc == NULL) {
+				break;
+			}
+			memset(nc, 0, sizeof(struct sctp_queued_to_read));
 			TAILQ_REMOVE(&control->reasm, chk, sctp_next);
 			sctp_add_chk_to_control(control, strm, stcb, asoc, chk);
 			fsn++;
@@ -781,7 +786,6 @@ restart:
 					 * on the control queue to a new
 					 * control.
 					 */
-					sctp_alloc_a_readq(stcb, nc);
 					sctp_build_readq_entry_from_ctl(nc, control);
 					tchk = TAILQ_FIRST(&control->reasm);
 					if (tchk->rec.data.rcv_flags & SCTP_DATA_FIRST_FRAG) {
@@ -826,16 +830,19 @@ restart:
 					    SCTP_READ_LOCK_NOT_HELD, SCTP_SO_NOT_LOCKED);
 				}
 				sctp_wakeup_the_read_socket(stcb->sctp_ep, stcb, SCTP_SO_NOT_LOCKED);
-				if ((nc) && (nc->first_frag_seen)) {
+				if (!TAILQ_EMPTY(&nc->reasm) && (nc->first_frag_seen)) {
 					/*
 					 * Switch to the new guy and
 					 * continue
 					 */
 					control = nc;
-					nc = NULL;
 					goto restart;
+				} else {
+					sctp_free_a_readq(stcb, nc);
 				}
 				return (1);
+			} else {
+				sctp_free_a_readq(stcb, nc);
 			}
 		} else {
 			/* Can't add more */

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607161225.u6GCPb5g066470>