diff options
author | Brett Nash <nash@nash.space> | 2022-02-10 11:02:22 -0800 |
---|---|---|
committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2022-02-11 19:21:32 +0100 |
commit | e61e18f0d5d7bb20eb081d0159b184a89f64eba9 (patch) | |
tree | af20122280605a23527a54087fe1b1b93b67c6ff | |
parent | 2d133fbda01ce463b561a3de7a0a3ebf11391668 (diff) | |
download | slirp-e61e18f0d5d7bb20eb081d0159b184a89f64eba9.zip slirp-e61e18f0d5d7bb20eb081d0159b184a89f64eba9.tar.gz slirp-e61e18f0d5d7bb20eb081d0159b184a89f64eba9.tar.bz2 |
slirp: Don't duplicate packet in tcp_reass
When debug is enabled, we duplicate the packet in tcp_reass, but ti is still
pointing to the old buffer, resulting in a use after free.
This makes valgrind debugging a little trickier, but makes it
crash a lot less.
Signed-off-by: Brett Nash <nash@fb.com>
-rw-r--r-- | src/tcp_input.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/src/tcp_input.c b/src/tcp_input.c index bce0c82..ecca972 100644 --- a/src/tcp_input.c +++ b/src/tcp_input.c @@ -82,9 +82,6 @@ static void tcp_xmit_timer(register struct tcpcb *tp, int rtt); static int tcp_reass(register struct tcpcb *tp, register struct tcpiphdr *ti, struct mbuf *m) { - if (m) - M_DUP_DEBUG(m->slirp, m, 0, 0); - register struct tcpiphdr *q; struct socket *so = tp->t_socket; int flags; |