From 59d8b3100291c8b462e8e1700e110a86ea354cf0 Mon Sep 17 00:00:00 2001
From: Sam Leffler <sam@FreeBSD.org>
Date: Thu, 24 Feb 2005 00:40:33 +0000
Subject: [PATCH] change m_adj to reclaim unused mbufs instead of zero'ing
 m_len when trim'ing space off the back of a chain; this is indirect solution
 to a potential null ptr deref

Noticed by:	Coverity Prevent analysis tool (null ptr deref)
Reviewed by:	dg, rwatson
---
 sys/kern/uipc_mbuf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/sys/kern/uipc_mbuf.c b/sys/kern/uipc_mbuf.c
index aece312381c..4d832a8f071 100644
--- a/sys/kern/uipc_mbuf.c
+++ b/sys/kern/uipc_mbuf.c
@@ -691,12 +691,14 @@ m_adj(struct mbuf *mp, int req_len)
 		for (; m; m = m->m_next) {
 			if (m->m_len >= count) {
 				m->m_len = count;
+				if (m->m_next != NULL) {
+					m_freem(m->m_next);
+					m->m_next = NULL;
+				}
 				break;
 			}
 			count -= m->m_len;
 		}
-		while (m->m_next)
-			(m = m->m_next) ->m_len = 0;
 	}
 }