Author: kib
Date: Fri Dec 30 19:58:06 2011
New Revision: 229016
URL: http://svn.freebsd.org/changeset/base/229016

Log:
  MFC r228178:
  If alloc_unr() call in the pipe_create() failed, then pipe->pipe_ino is
  -1. But, because ino_t is unsigned, this case was not covered by the
  test ino > 0 in pipeclose(), leading to the free_unr(-1). Fix it by
  explicitly comparing with 0 and -1.
  
  Do not access freed memory, the inode number was cached to prevent access
  to cpipe after it possibly was freed, but I failed to commit the right
  patch.

Modified:
  stable/9/sys/kern/sys_pipe.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/kern/sys_pipe.c
==============================================================================
--- stable/9/sys/kern/sys_pipe.c        Fri Dec 30 19:24:53 2011        
(r229015)
+++ stable/9/sys/kern/sys_pipe.c        Fri Dec 30 19:58:06 2011        
(r229016)
@@ -1554,8 +1554,8 @@ pipeclose(cpipe)
        } else
                PIPE_UNLOCK(cpipe);
 
-       if (ino > 0)
-               free_unr(pipeino_unr, cpipe->pipe_ino);
+       if (ino != 0 && ino != (ino_t)-1)
+               free_unr(pipeino_unr, ino);
 }
 
 /*ARGSUSED*/
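Review bot: The new test `if (ino != 0 && ino != (ino_t)-1)` depends on two sentinel values that nothing in the code explains. The log attributes -1 to a failed alloc_unr(), but a reader of pipeclose() will not see that. A one-line comment above the test, or a named constant for the (ino_t)-1 case, would keep a later edit from collapsing it back into a signed-style comparison like the removed `ino > 0`, which can never reject -1 on an unsigned ino_t. Separately, passing the local ino to free_unr() instead of cpipe->pipe_ino is only safe if ino is assigned before cpipe can be freed; that assignment is outside this hunk, so it is worth confirming it sits ahead of the unlock and free path visible in the context lines.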