Peter Maydell wrote: > On 16 May 2012 14:07, Jim Meyering <j...@meyering.net> wrote: >> From: Jim Meyering <meyer...@redhat.com> >> >> >> Signed-off-by: Jim Meyering <meyer...@redhat.com> >> --- >> linux-user/syscall.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/linux-user/syscall.c b/linux-user/syscall.c >> index 20d2a74..bdf8ce0 100644 >> --- a/linux-user/syscall.c >> +++ b/linux-user/syscall.c >> @@ -2814,6 +2814,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long >> msgp, >> end: >> if (target_mb) >> unlock_user_struct(target_mb, msgp, 1); >> + free(host_mb); >> return ret; >> } > > This will cause us to free() host_mb twice in the normal-return case.
Good catch. Thanks. V2 corrects that.
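Review bot: the `free(host_mb);` added under the `end:` label runs on every path that reaches `end:`, not only the error paths, so if the normal-return path has already released host_mb (as the reply quoted above states), the buffer is freed twice. Keep a single release point: either drop the earlier free so that the one at `end:` is the only one, or set `host_mb = NULL;` right after the earlier free, since free(NULL) is a no-op. The hunk does not show where host_mb is declared; if any `goto end` can be taken before it is assigned, it also needs to be initialised to NULL for the new free to be safe. The quoted message has no description between the From: and Signed-off-by: lines; a sentence naming the path that leaks would help.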