From f17a072a07c9241f9501289da18753df26f4abdc Mon Sep 17 00:00:00 2001
From: ngie <ngie@FreeBSD.org>
Date: Fri, 10 Jun 2016 14:45:20 +0000
Subject: MFC r299494: r299494 (by cem):

subr_vmem: Fix double-free in error case of vmem_create

If vmem_init() fails, 'vm' is already destroyed and freed.  Don't free it
again.

CID:		1042110
---
 sys/kern/subr_vmem.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'sys/kern/subr_vmem.c')

diff --git a/sys/kern/subr_vmem.c b/sys/kern/subr_vmem.c
index 80940be..2ec45c3 100644
--- a/sys/kern/subr_vmem.c
+++ b/sys/kern/subr_vmem.c
@@ -1046,10 +1046,8 @@ vmem_create(const char *name, vmem_addr_t base, vmem_size_t size,
 	if (vm == NULL)
 		return (NULL);
 	if (vmem_init(vm, name, base, size, quantum, qcache_max,
-	    flags) == NULL) {
-		free(vm, M_VMEM);
+	    flags) == NULL)
 		return (NULL);
-	}
 	return (vm);
 }
 
-- 
cgit v1.1