[Qemu-devel] [PATCH 1/2] slirp: Fix use after release on tcp_input
From: Jan Kiszka
Subject: [Qemu-devel] [PATCH 1/2] slirp: Fix use after release on tcp_input
Date: Wed, 28 Sep 2011 13:12:11 +0200
ti points into the m buffer. But the latter may already be released
right after the dodata: label. Move the test before the potential
release.
Signed-off-by: Jan Kiszka <address@hidden>
---
slirp/tcp_input.c | 22 ++++++++++------------
1 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/slirp/tcp_input.c b/slirp/tcp_input.c
index 2f1a196..942aaf4 100644
--- a/slirp/tcp_input.c
+++ b/slirp/tcp_input.c
@@ -1157,6 +1157,16 @@ step6:
dodata:
/*
+ * If this is a small packet, then ACK now - with Nagel
+ * congestion avoidance sender won't send more until
+ * he gets an ACK.
+ */
+ if (ti->ti_len && (unsigned)ti->ti_len <= 5 &&
+ ((struct tcpiphdr_2 *)ti)->first_char == (char)27) {
+ tp->t_flags |= TF_ACKNOW;
+ }
+
+ /*
* Process the segment text, merging it into the TCP sequencing queue,
* and arranging for acknowledgment of receipt if necessary.
* This process logically involves adjusting tp->rcv_wnd as data
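Review bot: The block added at the top of dodata: should carry a comment saying why it has to stay there: ti points into m, and per the commit message m may be released by the code that follows, so ti must not be dereferenced past this point. Without that note nothing in the source stops the test from being moved back down later. While the comment is being touched, "Nagel" should read "Nagle", and the bare (char)27 in the first_char comparison would be clearer as a named constant or with a note that it is ESC. The flag is also now set before the segment-processing block rather than after it, so please confirm that nothing in that block clears TF_ACKNOW.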
@@ -1235,18 +1245,6 @@ dodata:
}
/*
- * If this is a small packet, then ACK now - with Nagel
- * congestion avoidance sender won't send more until
- * he gets an ACK.
- *
- * See above.
- */
- if (ti->ti_len && (unsigned)ti->ti_len <= 5 &&
- ((struct tcpiphdr_2 *)ti)->first_char == (char)27) {
- tp->t_flags |= TF_ACKNOW;
- }
-
- /*
* Return any desired output.
*/
if (needoutput || (tp->t_flags & TF_ACKNOW)) {
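Review bot: Please state in the commit message that no other ti dereference remains between the point where m can be released and the end of dodata:. In this hunk the remaining tail, if (needoutput || (tp->t_flags & TF_ACKNOW)), reads only tp and needoutput, so it is fine, but the lines between the two hunks are not part of the patch and are where the release happens. A reader of the patch alone cannot tell whether the removed test was the only late use of ti or just the one that was noticed.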
--
1.7.3.4