From 82a32be1d66f895707ed08b5c908d8e9d8b34ce8 Mon Sep 17 00:00:00 2001 From: davidhaas Date: Mon, 31 Mar 2003 21:32:30 +0000 Subject: [PATCH] Fixed issue in pbuf_take(): old pbuf of type PBUF_REF was being referenced after being freed. Also, it was not being freed if it had been the first buffer in chain. It still needs to be freed then. --- src/core/pbuf.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/core/pbuf.c b/src/core/pbuf.c index 63bf8923..d78e0362 100644 --- a/src/core/pbuf.c +++ b/src/core/pbuf.c @@ -825,13 +825,6 @@ pbuf_take(struct pbuf *f) /* prev->next == p at this point */ /* break chain and insert new pbuf instead */ prev->next = q; - /* p is no longer pointed to by prev or by our caller, - * as the caller must do p = pbuf_take(p); so free it - * from reference through linkage. - * note that we have set p->next to NULL already so that - * we will not free the rest of the chain by accident. - */ - pbuf_free(p); /* prev == NULL, so we replaced the top pbuf of the chain */ } else top = q; @@ -842,6 +835,13 @@ pbuf_take(struct pbuf *f) /* do not copy ref, since someone else might be using the old buffer */ /* pbuf is not freed, as this is the responsibility of the application */ DEBUGF(PBUF_DEBUG, ("pbuf_take: replaced PBUF_REF %p with %p\n", (void *)p, (void *)q)); + /* p is no longer pointed to by prev or by our caller, + * as the caller must do p = pbuf_take(p); so free it + * from reference through linkage. + * note that we have set p->next to NULL already so that + * we will not free the rest of the chain by accident. + */ + pbuf_free(p); p = q; } else