From: tedu
Date: Tue, 12 Jul 2016 14:28:02 +0000 (+0000)
Subject: in the great unp_gc rewrite, a null check was lost. we have spent some
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=fc98e2bdc0c653eee0b3e9a76a6d96f190c4eb04;p=openbsd

in the great unp_gc rewrite, a null check was lost. we have spent some
time investigating and arguing about whether a NULL fp is a bug or not,
but what has become clear is that NULL fps get passed to unp_discard and
have been for quite some time. restore old accommodating behavior by
checking for null in unp_gc.

ok deraadt kettenis
---
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index 60e4f11b41f..ea4c716b0bb 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.98 2016/07/12 13:19:14 deraadt Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.99 2016/07/12 14:28:02 tedu Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -898,6 +898,8 @@ unp_gc(void *arg __unused) for (i = 0; i < defer->ud_n; i++) { memcpy(&fp, &((struct file **)(defer + 1))[i], sizeof(fp)); + if (fp == NULL) + continue; FREF(fp); if ((unp = fptounp(fp)) != NULL) unp->unp_msgcount--;
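Review bot: the `if (fp == NULL) continue;` guard in the unp_gc hunk sits in the right place, after the memcpy that loads fp from the deferred array and before FREF(fp), so no reference is taken on a NULL pointer, but it carries no comment saying why NULL entries are expected in that array. Given that the commit message records this check being lost once already during the rewrite, and that whether a NULL fp is a bug is still under discussion, a one-line comment above the guard noting that NULL fps are known to reach unp_discard and must be skipped here would keep the next cleanup from dropping it again.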