svn commit: r299494 - head/sys/kern

Wed, 11 May 2016 16:16:31 -0700 

Author: cem
Date: Wed May 11 23:16:11 2016
New Revision: 299494
URL: https://svnweb.freebsd.org/changeset/base/299494

Log:
  subr_vmem: Fix double-free in error case of vmem_create
  
  If vmem_init() fails, 'vm' is already destroyed and freed.  Don't free it
  again.
  
  Reported by:  Coverity
  CID:          1042110
  Sponsored by: EMC / Isilon Storage Division

Modified:
  head/sys/kern/subr_vmem.c

Modified: head/sys/kern/subr_vmem.c
==============================================================================
--- head/sys/kern/subr_vmem.c   Wed May 11 23:00:12 2016        (r299493)
+++ head/sys/kern/subr_vmem.c   Wed May 11 23:16:11 2016        (r299494)
@@ -1046,10 +1046,8 @@ vmem_create(const char *name, vmem_addr_
        if (vm == NULL)
                return (NULL);
        if (vmem_init(vm, name, base, size, quantum, qcache_max,
-           flags) == NULL) {
-               free(vm, M_VMEM);
+           flags) == NULL)
                return (NULL);
-       }
        return (vm);
 }
 
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

Reply via email to