[629] in linux-net channel archive


NULL dereference in skb code

daemon@ATHENA.MIT.EDU (Paul Gortmaker)
Sat Jul 8 01:18:03 1995

From: Paul Gortmaker <gpg109@rsphy1.anu.edu.au>
To: iialan@www.linux.org.uk (Alan Cox)
Date: Fri, 7 Jul 1995 19:06:54 +1000 (EST)
Cc: linux-net@vger.rutgers.edu


Hi again,

	I just got a NULL dereference panic with 1.3.6 (can't run 1.3.7
because of the c'sum problem I reported earlier). I won't bore you with
all of the stack/trace/code numbers as this one is dead easy. I haven't
verified it with gdb, but it seems pretty obvious. It wasn't fixed in 
1.3.7 either.

In dev_alloc_skb() the result of the alloc_skb() call is not checked for 
NULL before passing the NULL pointer to skb_reserve() -- which is when the
kernel chokes on the NULL dereference. This panic will always be preceded by
a "Couldn't get a free page..." message. I guess this would fix it, as the
device drivers one layer up can handle being fed a NULL.

-	skb_reserve(skb,16);
+	if (skb) skb_reserve(skb,16);
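Review bot: the guard on the `+` line only skips the reserve; it does not change what dev_alloc_skb() returns, so on allocation failure the NULL now reaches every caller, and the fix is only complete if each caller checks the result before touching the skb (the message states the drivers one layer up already do). An early return in the same spot, `if (skb == NULL) return NULL;` before the `skb_reserve(skb,16);`, makes that contract explicit at the allocation site rather than relying on a one-line conditional that reads as if the reserve were optional.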


Regards,
Paul.
