diff options
| author | phk <phk@FreeBSD.org> | 1996-09-17 19:50:23 +0000 |
|---|---|---|
| committer | phk <phk@FreeBSD.org> | 1996-09-17 19:50:23 +0000 |
| commit | cd3f943120e9a57414ff6b63149b6057d01a7511 (patch) | |
| tree | b0e12a164e41e8fa879aaf7e0f907f1da473e5b7 /lib/libc/stdlib/malloc.c | |
| parent | 881d2edd2e979bc95371d927e030ba39492e7c55 (diff) | |
| download | FreeBSD-src-cd3f943120e9a57414ff6b63149b6057d01a7511.zip FreeBSD-src-cd3f943120e9a57414ff6b63149b6057d01a7511.tar.gz | |
Fix a very rare error condition: The code to free VM back to the kernel
as done after a quasi-recursive call to free() had modified what we
thought we knew about the last chunk of pages.
This bug manifested itself when I did a "make obj" from src/usr.sbin/lpr,
then make would coredump in the lpd directory.
Diffstat (limited to 'lib/libc/stdlib/malloc.c')
| -rw-r--r-- | lib/libc/stdlib/malloc.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c index e8543e4..2d5d73d 100644 --- a/lib/libc/stdlib/malloc.c +++ b/lib/libc/stdlib/malloc.c @@ -6,7 +6,7 @@ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp * ---------------------------------------------------------------------------- * - * $Id: malloc.c,v 1.10 1996/01/22 00:01:44 julian Exp $ + * $Id: malloc.c,v 1.11 1996/07/03 05:03:07 phk Exp $ * */ @@ -942,7 +942,7 @@ static __inline void free_pages(void *ptr, int index, struct pginfo *info) { int i; - struct pgfree *pf,*pt; + struct pgfree *pf,*pt=0; u_long l; void *tail; @@ -1013,7 +1013,6 @@ free_pages(void *ptr, int index, struct pginfo *info) pf->next = pt->next; if (pf->next) pf->next->prev = pf; - free(pt); } } else if (pf->page == tail) { /* Prepend to entry */ @@ -1055,6 +1054,8 @@ free_pages(void *ptr, int index, struct pginfo *info) /* XXX: We could realloc/shrink the pagedir here I guess. */ } + if (pt) + free(pt); } /* |
