> freeing uidinfo: uid = 0, sbsize = 3197224
> freeing uidinfo: uid = 0, proccnt = 86
[...]
> trap(c8d20018,c01d0010,c8cb0010,4,c0b3351c) at trap+0x5d0
> calltrap() at calltrap+0x5
> --- trap 0xc, eip = 0xc01ba652, esp = 0xc8d27ed4, ebp = 0xc8d27ee0 ---
> _mtx_lock_sleep(c0b3351c,0,c035076c,364) at mtx_lock_sleep+0x342
> chgproccnt(c0b33500,ffffffff,0,c1280900,c03b0d40,c8d26bbc,c1280900) at chgproccnt+0x67
The ui_ref member in struct uidinfo is only 16 bits. This means that
a fatal wraparound due to a missing call to uifree() can happen rather
quickly.
Index: sys/kern/kern_prot.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_prot.c,v
retrieving revision 1.91
diff -u -r1.91 kern_prot.c
--- sys/kern/kern_prot.c 2001/05/25 16:59:06 1.91
+++ sys/kern/kern_prot.c 2001/05/27 07:10:10
@@ -1303,6 +1303,8 @@
*/
if (cr->cr_uidinfo != NULL)
uifree(cr->cr_uidinfo);
+ if (cr->cr_ruidinfo != NULL)
+ uifree(cr->cr_ruidinfo);
/*
* Free a prison, if any.
*/
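Review bot: the added `uifree(cr->cr_ruidinfo)` drops a second reference even when `cr_ruidinfo` and `cr_uidinfo` point at the same uidinfo, which is only balanced if every path that sets `cr_ruidinfo` took its own reference. Please confirm that for each such path, and extend the comment that ends at `*/` above the `cr_uidinfo` check so it says both the effective and real uidinfo references are released here.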
- Tor Egge
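
Added example, not part of the original message or the FreeBSD source: a user-space C model of the 16-bit `ui_ref` counter described above, counting how many credential lifetimes it takes for one unreleased reference per lifetime to wrap the counter and free the structure while a holder remains. The `*_model` names, and the assumption that each credential takes one reference per pointer, are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space stand-in for struct uidinfo (illustrative only). */
struct uidinfo_model {
    uint16_t ui_ref;  /* 16-bit reference count, as stated in the message */
    int freed;        /* set once the count drops to zero */
};

static void uihold_model(struct uidinfo_model *uip) { uip->ui_ref++; }

static void uifree_model(struct uidinfo_model *uip)
{
    if (--uip->ui_ref == 0)
        uip->freed = 1;
}

/* One credential lifetime. Assumption: the credential takes one reference
 * for cr_uidinfo and one for cr_ruidinfo. release_ruid = 0 models the
 * release path before the patch, 1 the path after it. */
static void cred_lifetime(struct uidinfo_model *uip, int release_ruid)
{
    uihold_model(uip);            /* cr_uidinfo */
    uihold_model(uip);            /* cr_ruidinfo */
    uifree_model(uip);            /* released in both versions */
    if (release_ruid)
        uifree_model(uip);        /* the release the patch adds */
}

/* Number of credential lifetimes until the structure is freed while a
 * long-lived holder still has its reference; 0 if that never happens
 * within `limit` lifetimes. */
static unsigned long lifetimes_until_premature_free(int release_ruid,
                                                    unsigned long limit)
{
    struct uidinfo_model u = { 1, 0 };  /* one long-lived holder */
    for (unsigned long n = 1; n <= limit; n++) {
        cred_lifetime(&u, release_ruid);
        if (u.freed)
            return n;
    }
    return 0;
}

int main(void)
{
    printf("without patch: %lu\n", lifetimes_until_premature_free(0, 200000UL));
    printf("with patch:    %lu\n", lifetimes_until_premature_free(1, 200000UL));
    return 0;
}
```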