On Thu, Nov 29, 2018 at 04:51:19PM -0200, Martin Pieuchot wrote: > Trivial one, ok? > > Index: kern/sysv_msg.c > =================================================================== > RCS file: /cvs/src/sys/kern/sysv_msg.c,v > retrieving revision 1.33 > diff -u -p -r1.33 sysv_msg.c > --- kern/sysv_msg.c 15 Sep 2016 02:00:16 -0000 1.33 > +++ kern/sysv_msg.c 29 Nov 2018 18:47:05 -0000 > @@ -699,7 +699,7 @@ sysctl_sysvmsg(int *name, u_int namelen, > msginfo.msgmni * sizeof(struct msqid_ds); >
infolen is calculated twice; the first infolen calculation is used as argument to malloc(). Your diff makes the second one the size argument to free(), which doesn't seem correct. > if (*sizep < infolen) { > - free(info, M_TEMP, 0); > + free(info, M_TEMP, infolen); > return (ENOMEM); > } > > @@ -716,7 +716,7 @@ sysctl_sysvmsg(int *name, u_int namelen, > > error = copyout(info, where, infolen); > > - free(info, M_TEMP, 0); > + free(info, M_TEMP, infolen); > > return (error); > >
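Review bot: In the first hunk (@@ -699,7), the error-path free inside `if (*sizep < infolen)` passes infolen immediately after the context line ending `msginfo.msgmni * sizeof(struct msqid_ds);`, which appears to be the end of the second infolen computation the reply mentions. free(9) expects either the exact size given to malloc() or 0, so this call is only right if the recomputed value is identical to the one used for the allocation, and nothing in the visible lines guarantees that. Suggest recording the allocation size in its own variable at the malloc() call and passing that here, or leaving the size as 0 on this path.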
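Review bot: In the second hunk (@@ -716,7), the free after `error = copyout(info, where, infolen);` uses the same infolen for two jobs: the number of bytes copied out to userland and the size of the buffer being released. Those are separate quantities, and tying them to one variable means any later change to how the copy length is computed silently changes the free size as well. Suggest a dedicated allocation-size variable used for both malloc() and this free(), with infolen kept for the copyout length only.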