aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2003-10-02 15:58:53 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2003-10-02 15:58:53 +0000
commite730271a767d14a832bc880053c32aa8bf1b2df1 (patch)
tree6aa0ba5e66c890238aeb839546c5bb3d1e9c6fe9
parenta4b0aeeacaa89a37c65598c6043a4b408921db7e (diff)
downloadsrc-e730271a767d14a832bc880053c32aa8bf1b2df1.tar.gz
src-e730271a767d14a832bc880053c32aa8bf1b2df1.zip
MFS 1.55.2.11: Correct a reference counting bug in readv(2).
Notes
Notes: svn path=/releng/4.6/; revision=120667
-rw-r--r--UPDATING3
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/kern/sys_generic.c12
3 files changed, 10 insertions, 7 deletions
diff --git a/UPDATING b/UPDATING
index 98fabb2464f6..4886ce36402b 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,9 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20031002: p24 FreeBSD-SA-03:16.filedesc
+ Correct a reference counting bug in readv(2).
+
20030924: p23 FreeBSD-SA-03:14.arp
Updated fix for arplookup bug.
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 3db67eb29e51..45f95b958793 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -36,7 +36,7 @@
TYPE="FreeBSD"
REVISION="4.6.2"
-BRANCH="RELEASE-p23"
+BRANCH="RELEASE-p24"
RELEASE="${REVISION}-${BRANCH}"
VERSION="${TYPE} ${RELEASE}"
diff --git a/sys/kern/sys_generic.c b/sys/kern/sys_generic.c
index bcea567e51e0..bab39b55da35 100644
--- a/sys/kern/sys_generic.c
+++ b/sys/kern/sys_generic.c
@@ -231,7 +231,7 @@ readv(p, uap)
register struct filedesc *fdp = p->p_fd;
struct uio auio;
register struct iovec *iov;
- struct iovec *needfree;
+ struct iovec *needfree = NULL;
struct iovec aiov[UIO_SMALLIOV];
long i, cnt, error = 0;
u_int iovlen;
@@ -245,14 +245,14 @@ readv(p, uap)
/* note: can't use iovlen until iovcnt is validated */
iovlen = uap->iovcnt * sizeof (struct iovec);
if (uap->iovcnt > UIO_SMALLIOV) {
- if (uap->iovcnt > UIO_MAXIOV)
- return (EINVAL);
+ if (uap->iovcnt > UIO_MAXIOV) {
+ error = EINVAL;
+ goto done;
+ }
MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK);
needfree = iov;
- } else {
+ } else
iov = aiov;
- needfree = NULL;
- }
auio.uio_iov = iov;
auio.uio_iovcnt = uap->iovcnt;
auio.uio_rw = UIO_READ;