> On Mon, 2016-02-29 at 12:22 +0000, Zhang Shengju wrote:
> > If skb_reorder_vlan_header() failed, skb is freed and NULL is returned.
> > Then at skb_vlan_untag(), it will free skbuff again which cause double
> > free.
>
> On skb_reorder_vlan_header() failure, skb_vlan_untag() will call
> kfree_skb() using the return value of skb_reorder_vlan_header(), that is
> NULL. kfree_skb() is a noop when the argument is NULL.
>
> The current code seems safe.
>
> Paolo

Hi Paolo,

Even if the current code is safe, this is still a potential problem. We should make an assumption that the inner function doesn't free skb, and let the outside function take care of this.

BRs, Shengju
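
The two ownership conventions discussed in this thread, as an added userland C model that is not kernel code and not part of either message. `struct buf`, `buf_free()`, `buf_alloc()` and the `reorder_*`/`untag_*` functions are hypothetical stand-ins for the skb, `kfree_skb()`, `skb_reorder_vlan_header()` and `skb_vlan_untag()`; only the buffer length is modelled.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model: a buffer is reduced to its length. */
struct buf { size_t len; };
static int free_calls;                 /* counts real (non-NULL) frees */

void buf_free(struct buf *b)           /* like kfree_skb(): NULL is a no-op */
{
    if (b) { free_calls++; free(b); }
}

struct buf *buf_alloc(size_t len)
{
    struct buf *b = calloc(1, sizeof(*b));
    if (b) b->len = len;
    return b;
}

/* Convention A: the inner function frees on failure and returns NULL. */
struct buf *reorder_consuming(struct buf *b, size_t hdr)
{
    if (!b || b->len < hdr) { buf_free(b); return NULL; }
    b->len -= hdr;
    return b;
}

struct buf *untag_a(struct buf *b, size_t hdr)
{
    b = reorder_consuming(b, hdr);
    if (!b) buf_free(b);               /* b is NULL here: no-op, no double free */
    return b;
}

/* Convention B: the inner function never frees; the caller owns the buffer. */
int reorder_borrowing(struct buf *b, size_t hdr)
{
    if (!b || b->len < hdr) return -1;
    b->len -= hdr;
    return 0;
}

struct buf *untag_b(struct buf *b, size_t hdr)
{
    if (reorder_borrowing(b, hdr) == 0) return b;
    buf_free(b);                       /* single, explicit free in the caller */
    return NULL;
}

int main(void)
{
    struct buf *a = untag_a(buf_alloc(2), 4), *b = untag_b(buf_alloc(2), 4);
    printf("A=%p B=%p frees=%d\n", (void *)a, (void *)b, free_calls);
    return 0;
}
```

Both variants free the buffer exactly once on failure. Convention A stays safe only as long as the caller overwrites its pointer with the NULL return value before its error path runs.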