Date: Sat, 8 Dec 2012 01:53:42 -0800 From: Adrian Chadd <adrian@freebsd.org> To: freebsd-wireless@freebsd.org Subject: Re: Hm, somehow the fast frames code is broken (surprise) Message-ID: <CAJ-Vmomskf=3gCVKRrrB%2BdHuJRDGtPvePvdTVXt-_mF9zOjfaQ@mail.gmail.com> In-Reply-To: <CAJ-Vmok2TNPvg0Ogtz0LfWLTXkVw_GE%2B7TPn51gKLvGiUZgGPQ@mail.gmail.com> References: <CAJ-Vmok2TNPvg0Ogtz0LfWLTXkVw_GE%2B7TPn51gKLvGiUZgGPQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
... On 8 December 2012 01:24, Adrian Chadd <adrian@freebsd.org> wrote: > * upon a node purge, there's a panic inside m_free() from > ieee80211_ff_node_cleanup(), where it dereferences a pointer > 0xdeadc0de. So there's some use-after-free nonsense going ... aaand look at that, I've just fixed it in -HEAD. The second panic hasn't shown up yet but I don't believe that fixing the first panic magically made the second panic go away. In any case I'll just plod along with some further testing and see how things go. Thanks, Adrian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-Vmomskf=3gCVKRrrB%2BdHuJRDGtPvePvdTVXt-_mF9zOjfaQ>