fix allocation handling bugs in amap_alloc1(). if the first or second

sub-structure malloc() failed, it was quite likely that the function
would return success incorrectly.  This is this direct cause of the bug
reported in PR#7897.  (Thanks to chs for helping to track it down.)
This commit is contained in:
cgd 1999-07-06 02:15:53 +00:00
parent 2842a2f6bb
commit 5cc6a54251

View File

@ -1,4 +1,4 @@
/* $NetBSD: uvm_amap.c,v 1.20 1999/04/11 04:04:11 chs Exp $ */
/* $NetBSD: uvm_amap.c,v 1.21 1999/07/06 02:15:53 cgd Exp $ */
/*
*
@ -191,23 +191,28 @@ amap_alloc1(slots, padslots, waitf)
amap->am_maxslot = totalslots;
amap->am_nslot = slots;
amap->am_nused = 0;
MALLOC(amap->am_slots, int *, totalslots * sizeof(int), M_UVMAMAP, waitf);
if (amap->am_slots) {
MALLOC(amap->am_bckptr, int *, totalslots * sizeof(int), M_UVMAMAP, waitf);
if (amap->am_bckptr) {
MALLOC(amap->am_anon, struct vm_anon **,
totalslots * sizeof(struct vm_anon *), M_UVMAMAP, waitf);
}
}
if (amap->am_anon)
return(amap);
amap->am_slots = malloc(totalslots * sizeof(int), M_UVMAMAP,
waitf);
if (amap->am_slots == NULL)
goto fail1;
if (amap->am_slots) {
FREE(amap->am_slots, M_UVMAMAP);
if (amap->am_bckptr)
FREE(amap->am_bckptr, M_UVMAMAP);
}
amap->am_bckptr = malloc(totalslots * sizeof(int), M_UVMAMAP, waitf);
if (amap->am_bckptr == NULL)
goto fail2;
amap->am_anon = malloc(totalslots * sizeof(struct vm_anon *),
M_UVMAMAP, waitf);
if (amap->am_anon == NULL)
goto fail3;
return(amap);
fail3:
free(amap->am_bckptr, M_UVMAMAP);
fail2:
free(amap->am_slots, M_UVMAMAP);
fail1:
pool_put(&uvm_amap_pool, amap);
return (NULL);
}