From cd3f943120e9a57414ff6b63149b6057d01a7511 Mon Sep 17 00:00:00 2001
From: phk <phk@FreeBSD.org>
Date: Tue, 17 Sep 1996 19:50:23 +0000
Subject: Fix a very rare error condition:  The code to free VM back to the
 kernel as done after a quasi-recursive call to free() had modified what we
 thought we knew about the last chunk of pages. This bug manifested itself
 when I did a "make obj" from src/usr.sbin/lpr, then make would coredump in
 the lpd directory.

---
 lib/libc/stdlib/malloc.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'lib/libc')

diff --git a/lib/libc/stdlib/malloc.c b/lib/libc/stdlib/malloc.c
index e8543e4..2d5d73d 100644
--- a/lib/libc/stdlib/malloc.c
+++ b/lib/libc/stdlib/malloc.c
@@ -6,7 +6,7 @@
  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
  * ----------------------------------------------------------------------------
  *
- * $Id: malloc.c,v 1.10 1996/01/22 00:01:44 julian Exp $
+ * $Id: malloc.c,v 1.11 1996/07/03 05:03:07 phk Exp $
  *
  */
 
@@ -942,7 +942,7 @@ static __inline void
 free_pages(void *ptr, int index, struct pginfo *info)
 {
     int i;
-    struct pgfree *pf,*pt;
+    struct pgfree *pf,*pt=0;
     u_long l;
     void *tail;
 
@@ -1013,7 +1013,6 @@ free_pages(void *ptr, int index, struct pginfo *info)
 		pf->next = pt->next;
 		if (pf->next)
 		    pf->next->prev = pf;
-		free(pt);
 	    }
 	} else if (pf->page == tail) {
 	    /* Prepend to entry */
@@ -1055,6 +1054,8 @@ free_pages(void *ptr, int index, struct pginfo *info)
 
 	/* XXX: We could realloc/shrink the pagedir here I guess. */
     }
+    if (pt)
+	free(pt);
 }
 
 /*
-- 
cgit v1.1