From e61e18f0d5d7bb20eb081d0159b184a89f64eba9 Mon Sep 17 00:00:00 2001
From: Brett Nash
Date: Thu, 10 Feb 2022 11:02:22 -0800
Subject: slirp: Don't duplicate packet in tcp_reass

When debug is enabled, we duplicate the packet in tcp_reass, but ti is still pointing to the old buffer, resulting in a use after free. This makes valgrind debugging a little trickier, but makes it crash a lot less.

Signed-off-by: Brett Nash
---
 src/tcp_input.c | 3 ---
 1 file changed, 3 deletions(-)
(limited to 'src')
diff --git a/src/tcp_input.c b/src/tcp_input.c
index bce0c82..ecca972 100644
--- a/src/tcp_input.c
+++ b/src/tcp_input.c
@@ -82,9 +82,6 @@ static void tcp_xmit_timer(register struct tcpcb *tp, int rtt);
 static int tcp_reass(register struct tcpcb *tp, register struct tcpiphdr *ti,
 struct mbuf *m)
 {
- if (m)
- M_DUP_DEBUG(m->slirp, m, 0, 0);
-
 register struct tcpiphdr *q;
 struct socket *so = tp->t_socket;
 int flags;
-- cgit v1.1