Module Name:    src
Committed By:   maxv
Date:           Sun Jun 7 15:19:05 UTC 2020

Modified Files:
        src/sys/kern: uipc_socket.c

Log Message:
Fix bohr bug triggered only once by syzkaller 2,5 months ago.

In sockopt_alloc(), 'sopt' may already have been initialized with
'sopt->sopt_data = sopt->sopt_buf'. If the allocation fails, we end up with
'sopt->sopt_data = NULL', and later try to free this NULL pointer in
sockopt_destroy(). Fix that by not modifying 'sopt_data' if the allocation
failed.

Difficult to reproduce in normal times, but fault(4) makes it easy.

Reported-by: syzbot+380cb5d518742f063...@syzkaller.appspotmail.com

To generate a diff of this commit:
cvs rdiff -u -r1.289 -r1.290 src/sys/kern/uipc_socket.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
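The failure path described in the log message, as an added illustration that is not NetBSD's code: a simplified sockopt model with an injected allocation failure (standing in for fault(4)) shows the pre-fix alloc leaving sopt_data NULL so that sockopt_destroy() frees it, and the post-fix alloc leaving the inline-buffer pointer intact. The struct layout, kalloc/kfree wrappers and run_under_fault() are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of NetBSD's struct sockopt: the field names follow the
 * commit message, the layout is an assumption made for illustration. */
struct sockopt {
    void *sopt_data;     /* points at sopt_buf or at a heap block */
    char  sopt_buf[32];  /* inline storage for small options */
};

/* Constructed fault injection standing in for fault(4). */
static bool inject_alloc_failure;
static void *kalloc(size_t n) { return inject_alloc_failure ? NULL : malloc(n); }

/* A real kernel panics on kmem_free(NULL); this model counts it instead. */
static int null_free_count;
static void kfree(void *p) { if (p == NULL) null_free_count++; else free(p); }

/* Before the fix: a failed allocation overwrites sopt_data with NULL. */
static int sockopt_alloc_buggy(struct sockopt *sopt, size_t len) {
    sopt->sopt_data = kalloc(len);
    return sopt->sopt_data != NULL ? 0 : -1;
}

/* After the fix: sopt_data is only touched once the allocation succeeded. */
static int sockopt_alloc_fixed(struct sockopt *sopt, size_t len) {
    void *data = kalloc(len);
    if (data == NULL) return -1;
    sopt->sopt_data = data;
    return 0;
}

/* Frees sopt_data unless it still points at the inline buffer. */
static void sockopt_destroy(struct sockopt *sopt) {
    if (sopt->sopt_data != sopt->sopt_buf) kfree(sopt->sopt_data);
    memset(sopt, 0, sizeof(*sopt));
}

/* init -> alloc under injected failure -> destroy; returns NULL frees seen. */
static int run_under_fault(int (*alloc)(struct sockopt *, size_t)) {
    struct sockopt sopt = { .sopt_data = sopt.sopt_buf }; /* prior init state */
    null_free_count = 0;
    inject_alloc_failure = true;
    (void)alloc(&sopt, 4096);                /* too large for sopt_buf */
    inject_alloc_failure = false;
    sockopt_destroy(&sopt);
    return null_free_count;
}
```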