FreeBSD Mail Archives

Date:      Wed, 11 May 2016 23:16:11 +0000 (UTC)
From:      "Conrad E. Meyer" <cem@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r299494 - head/sys/kern
Message-ID:  <201605112316.u4BNGBoR056658@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: cem
Date: Wed May 11 23:16:11 2016
New Revision: 299494
URL: https://svnweb.freebsd.org/changeset/base/299494

Log:
  subr_vmem: Fix double-free in error case of vmem_create
  
  If vmem_init() fails, 'vm' is already destroyed and freed.  Don't free it
  again.
  
  Reported by:	Coverity
  CID:		1042110
  Sponsored by:	EMC / Isilon Storage Division

Modified:
  head/sys/kern/subr_vmem.c

Modified: head/sys/kern/subr_vmem.c
==============================================================================
--- head/sys/kern/subr_vmem.c	Wed May 11 23:00:12 2016	(r299493)
+++ head/sys/kern/subr_vmem.c	Wed May 11 23:16:11 2016	(r299494)
@@ -1046,10 +1046,8 @@ vmem_create(const char *name, vmem_addr_
 	if (vm == NULL)
 		return (NULL);
 	if (vmem_init(vm, name, base, size, quantum, qcache_max,
-	    flags) == NULL) {
-		free(vm, M_VMEM);
+	    flags) == NULL)
 		return (NULL);
-	}
 	return (vm);
 }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605112316.u4BNGBoR056658>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation