On 16 May 2012 14:07, Jim Meyering <j...@meyering.net> wrote: > From: Jim Meyering <meyer...@redhat.com> > > > Signed-off-by: Jim Meyering <meyer...@redhat.com> > --- > linux-user/syscall.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 20d2a74..bdf8ce0 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -2814,6 +2814,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long > msgp, > end: > if (target_mb) > unlock_user_struct(target_mb, msgp, 1); > + free(host_mb); > return ret; > }
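Review bot: The added free(host_mb) sits after the end: label, so it runs on every path through do_msgrcv that reaches the label, including the successful return, not only on error exits. If host_mb is already released before the label on the success path, this is a double free, and if any goto end is taken before host_mb is assigned, it frees an uninitialised pointer; neither case is visible in this hunk, so both need checking against the full function. Keeping a single release point at end: (dropping any earlier free and initialising host_mb to NULL at its declaration) would make the cleanup safe on all paths.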
This will cause us to free() host_mb twice in the normal-return case.

-- PMM