author | dillon <dillon@FreeBSD.org> | 2002-03-20 04:05:26 +0000 |
---|---|---|
committer | dillon <dillon@FreeBSD.org> | 2002-03-20 04:05:26 +0000 |
commit | 24fdcd89ad7474e39c39b6ae22c234c6b0d5b40c (patch) | |
tree | c5d7062c28d7b4e170985fb4044a6f0a976d4d9e /sys/net/zlib.c | |
parent | 9ef9bf2eafae98b3e22da0b2e655ede34057de17 (diff) | |
Fix a bug introduced in 1.11 (and also MFCd to stable AND the security branch)
that causes a machine to panic when the kernel PPP / DEFLATE code is used.
1.11 moved a ZFREE to a point after the structural members were clobbered
by stores into a union'd structure.
This commit fixes the bug and adds a big whopping comment to make sure
the code isn't 'cleaned up' again :-)
Ian Dowse came up with the same patch independently 68 seconds before I
did, talk about Karma!
I would also like to thank Eugene Grosbein for marathon work in tracking the
problem down by updating his -stable based on date over and over again
to close in on the commit that caused his crashes.
PR: kern/35969
Reviewed by: Ian Dowse <iedowse@maths.tcd.ie>
X-MFC after: immediately
Diffstat (limited to 'sys/net/zlib.c')
-rw-r--r-- | sys/net/zlib.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/net/zlib.c b/sys/net/zlib.c index bf1f72d..feef531 100644 --- a/sys/net/zlib.c +++ b/sys/net/zlib.c @@ -3951,11 +3951,15 @@ int r; r = Z_MEM_ERROR; LEAVE } + /* + * this ZFREE must occur *BEFORE* we mess with sub.decode, because + * sub.trees is union'd with sub.decode. + */ + ZFREE(z, s->sub.trees.blens); s->sub.decode.codes = c; s->sub.decode.tl = tl; s->sub.decode.td = td; } - ZFREE(z, s->sub.trees.blens); s->mode = CODES; case CODES: UPDATE |
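Review bot: Confirm that every path which reached the removed ZFREE after the closing brace still reaches the new one inside the block; the hunk does not show whether the enclosing braces are an unconditional scope, and if they are conditional, s->sub.trees.blens would no longer be released when the block is skipped. The ordering comment is the right safeguard against another "cleanup", but it would be more robust to copy s->sub.trees.blens into a local before the stores to s->sub.decode.codes, s->sub.decode.tl and s->sub.decode.td, so that correctness does not depend on statement order across the union. As a style point, the comment could also start with a capital letter to match a full-sentence block comment.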