From 25b0a10c1ac670c01fb3e59c6e861da624956a79 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Thu, 2 Oct 2008 12:55:03 +0000 Subject: [PATCH] STABLE14-rx-current-packet-double-free-20081003 LICENSE MIT in rxi_WriteProc() make sure that rx_call currentPacket is set to NULL after the rx_packet is added to a queue or passed to rx_freePacket(). Otherwise we will panic when we attempt to call rx_freePacket twice on the same packet. (cherry picked from commit 1e7203940456e783aad215e939c04ed01dd45599) --- src/rx/rx_rdwr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/rx/rx_rdwr.c b/src/rx/rx_rdwr.c index 735e4da50..bcaa11870 100644 --- a/src/rx/rx_rdwr.c +++ b/src/rx/rx_rdwr.c @@ -1100,6 +1100,7 @@ rxi_WritevProc(struct rx_call *call, struct iovec *iov, int nio, int nbytes) hadd32(call->bytesSent, cp->length); rxi_PrepareSendPacket(call, cp, 0); queue_Append(&tmpq, cp); + cp = call->currentPacket = (struct rx_packet *)0; /* The head of the iovq is now the current packet */ if (nbytes) { -- 2.39.5