Author: ngie
Date: Fri Jun 10 14:45:20 2016
New Revision: 301791
URL: https://svnweb.freebsd.org/changeset/base/301791
Log:
MFC r299494:
r299494 (by cem):
subr_vmem: Fix double-free in error case of vmem_create
If vmem_init() fails, 'vm' is already destroyed and freed. Don't free it
again.
CID: 1042110
Modified:
stable/10/sys/kern/subr_vmem.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/kern/subr_vmem.c
==============================================================================
--- stable/10/sys/kern/subr_vmem.c Fri Jun 10 14:42:36 2016
(r301790)
+++ stable/10/sys/kern/subr_vmem.c Fri Jun 10 14:45:20 2016
(r301791)
@@ -1046,10 +1046,8 @@ vmem_create(const char *name, vmem_addr_
if (vm == NULL)
return (NULL);
if (vmem_init(vm, name, base, size, quantum, qcache_max,
- flags) == NULL) {
- free(vm, M_VMEM);
+ flags) == NULL)
return (NULL);
- }
return (vm);
}
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
