diff options
author | Guillaume Chazarain <guichaz@yahoo.fr> | 2006-07-21 14:45:25 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-07-21 14:45:25 -0700 |
commit | 89e1df74f841fc31e81838d30594c4eff01859f8 (patch) | |
tree | a9a8069feccad982642f932ccef01f64a1391796 /REPORTING-BUGS | |
parent | fbeff3c1d35d07b1f967e47fcfb00cd16b7ecd02 (diff) | |
download | op-kernel-dev-89e1df74f841fc31e81838d30594c4eff01859f8.zip op-kernel-dev-89e1df74f841fc31e81838d30594c4eff01859f8.tar.gz |
[PKT_SCHED] netem: Fix slab corruption with netem (2nd try)
CONFIG_DEBUG_SLAB found the following bug:
netem_enqueue() in sch_netem.c gets a pointer inside a slab object:
struct netem_skb_cb *cb = (struct netem_skb_cb *)skb->cb;
But then, the slab object may be freed:
skb = skb_unshare(skb, GFP_ATOMIC)
cb is still pointing inside the freed skb, so here is a patch to
initialize cb later, and make it clear that initializing it sooner
is a bad idea.
[From Stephen Hemminger: leave cb unitialized in order to let gcc
complain in case of use before initialization]
Signed-off-by: Guillaume Chazarain <guichaz@yahoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'REPORTING-BUGS')
0 files changed, 0 insertions, 0 deletions