From owner-freebsd-bugs Thu Oct 25 8:30:18 2001
Message-Id: <200110251525.f9PFPsd42744@freefall.freebsd.org>
Date: Thu, 25 Oct 2001 08:25:54 -0700 (PDT)
From: Maxim Katargin
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/31492: Panic in sysctl_remove_oid.

>Number: 31492
>Category: kern
>Synopsis: Panic in sysctl_remove_oid.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 25 08:30:02 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Maxim Katargin
>Release: 4.4
>Organization:
>Environment:
FreeBSD walder.asplinux.ru 4.4-RELEASE FreeBSD 4.4-RELEASE #1: Mon Sep 17 13:29:51 MSD 2001 root@walder.asplinux.ru:/usr/obj/ext/release-4.4/src/sys/WALDER i386
>Description:
Panic in sysctl_remove_oid when the kernel is built with INVARIANTS. The memory is used after the free() call was made for it.
>How-To-Repeat:
>Fix:
Index: kern/kern_sysctl.c =================================================================== RCS file: /ext/vcvs/src/sys/kern/kern_sysctl.c,v retrieving revision 1.92.2.5 diff -u -r1.92.2.5 kern_sysctl.c --- kern/kern_sysctl.c 2001/06/18 23:48:13 1.92.2.5 +++ kern/kern_sysctl.c 2001/10/25 15:26:31
@@ -281,15 +281,26 @@ */ if ((oidp->oid_kind & CTLTYPE) == CTLTYPE_NODE) { if (oidp->oid_refcnt == 1) { - SLIST_FOREACH(p, SYSCTL_CHILDREN(oidp), oid_link) { - if (!recurse) + if (!SLIST_EMPTY(SYSCTL_CHILDREN(oidp)) && !recurse) return (ENOTEMPTY); - error = sysctl_remove_oid(p, del, recurse); - if (error) - return (error); - } - if (del) + + if (del) { + while (!SLIST_EMPTY(SYSCTL_CHILDREN(oidp))) { + p = SLIST_FIRST(SYSCTL_CHILDREN(oidp)); + error = sysctl_remove_oid(p, del, recurse); + if (error) + return (error); + } free(SYSCTL_CHILDREN(oidp), M_SYSCTLOID); + } else { + SLIST_FOREACH(p, SYSCTL_CHILDREN(oidp), oid_link) { + if (!recurse) + return (ENOTEMPTY); + error = sysctl_remove_oid(p, del, recurse); + if (error) + return (error); + } + } } } if (oidp->oid_refcnt > 1 ) { >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
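Review bot: In the new `if (del)` branch, the `while (!SLIST_EMPTY(SYSCTL_CHILDREN(oidp)))` loop only makes progress if every successful `sysctl_remove_oid(p, del, recurse)` call unlinks `p` from the parent's list. The trailing context line `if (oidp->oid_refcnt > 1 ) {` shows a separate path for oids that hold more than one reference; if that path returns 0 and leaves the child linked, this loop calls it again on the same child until it is finally removed, which differs from the single visit per child that the old `SLIST_FOREACH` made. Saving the next element before recursing (for example with `SLIST_NEXT(p, oid_link)`) would avoid reading `p` after it has been freed while still visiting each child once, and would let the `del` and non-`del` cases share one loop instead of two near-identical copies. Separately, in the `else` branch the `if (!recurse) return (ENOTEMPTY);` inside the `SLIST_FOREACH` can no longer trigger, because the check added at the top of the block already returns when the list is non-empty and `recurse` is unset; it can be dropped.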