From: Antonio Quartulli <[email protected]>
Date: Tue, 19 Jun 2012 21:26:39 +0200

> skb_linearize(skb) possibly rearranges the skb internal data and then changes
> the skb->data pointer value. For this reason any other pointer in the code that
> was assigned skb->data before invoking skb_linearize(skb) must be re-assigned.
>
> In the current tt_query message handling code this is not done and therefore, in
> case of skb linearization, the pointer used to handle the packet header ends up
> pointing to free'd memory.
>
> This bug was introduced by a73105b8d4c765d9ebfb664d0a66802127d8e4c7
> (batman-adv: improved client announcement mechanism)
>
> Signed-off-by: Antonio Quartulli <[email protected]>
> Cc: <[email protected]>

Applied.

Submit things properly in the future so you don't give me unnecessary
merge hassles like this again.
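
The bug class described in the quoted commit message, as an added example that is not part of the original thread or of the batman-adv code: a userspace C model in which `struct pkt`, `pkt_new()`, `pkt_linearize()` and `handle_query()` are hypothetical stand-ins and the packet bytes are constructed. It shows that linearizing a fragmented packet moves the linear buffer, so the header has to be read through the re-assigned pointer.

```c
/* Userspace model, not kernel code; struct pkt/pkt_linearize() are hypothetical. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct pkt {
    unsigned char *data, *frag; /* linear area (like skb->data), paged tail */
    size_t len, frag_len;
};

static struct pkt *pkt_new(const char *head, size_t hl, const char *frag, size_t fl)
{
    struct pkt *p = calloc(1, sizeof(*p));
    if (!p || !(p->data = malloc(hl)) || (fl && !(p->frag = malloc(fl))))
        abort();
    memcpy(p->data, head, hl);
    if (fl)
        memcpy(p->frag, frag, fl);
    p->len = hl;
    p->frag_len = fl;
    return p;
}

/* Builds a fresh linear buffer and frees the old one: saved p->data copies dangle. */
static int pkt_linearize(struct pkt *p)
{
    unsigned char *n = p->frag ? malloc(p->len + p->frag_len) : NULL;
    if (!p->frag)
        return 0; /* already linear, p->data unchanged */
    if (!n)
        return -1;
    memcpy(n, p->data, p->len);
    memcpy(n + p->len, p->frag, p->frag_len);
    free(p->data);
    free(p->frag);
    p->data = n;
    p->len += p->frag_len;
    p->frag = NULL;
    return 0;
}

/* Fixed pattern: the header is read through p->data only after linearizing. */
static int handle_query(struct pkt *p, int *moved)
{
    uintptr_t before = (uintptr_t)p->data; /* address the buggy code kept using */
    if (pkt_linearize(p) < 0)
        return -1;
    *moved = before != (uintptr_t)p->data; /* 1: the saved pointer now dangles */
    return p->data[0];
}
```

`handle_query()` returns the first header byte and sets `*moved` to 1 only when the packet had a fragment, which is the case in which a pointer saved before linearization refers to freed memory.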
