fix allocation handling bugs in amap_alloc1(). if the first or second
sub-structure malloc() failed, it was quite likely that the function would return success incorrectly. This is this direct cause of the bug reported in PR#7897. (Thanks to chs for helping to track it down.)
This commit is contained in:
parent
2842a2f6bb
commit
5cc6a54251
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: uvm_amap.c,v 1.20 1999/04/11 04:04:11 chs Exp $ */
|
||||
/* $NetBSD: uvm_amap.c,v 1.21 1999/07/06 02:15:53 cgd Exp $ */
|
||||
|
||||
/*
|
||||
*
|
||||
@ -191,23 +191,28 @@ amap_alloc1(slots, padslots, waitf)
|
||||
amap->am_maxslot = totalslots;
|
||||
amap->am_nslot = slots;
|
||||
amap->am_nused = 0;
|
||||
MALLOC(amap->am_slots, int *, totalslots * sizeof(int), M_UVMAMAP, waitf);
|
||||
if (amap->am_slots) {
|
||||
MALLOC(amap->am_bckptr, int *, totalslots * sizeof(int), M_UVMAMAP, waitf);
|
||||
if (amap->am_bckptr) {
|
||||
MALLOC(amap->am_anon, struct vm_anon **,
|
||||
totalslots * sizeof(struct vm_anon *), M_UVMAMAP, waitf);
|
||||
}
|
||||
}
|
||||
|
||||
if (amap->am_anon)
|
||||
return(amap);
|
||||
amap->am_slots = malloc(totalslots * sizeof(int), M_UVMAMAP,
|
||||
waitf);
|
||||
if (amap->am_slots == NULL)
|
||||
goto fail1;
|
||||
|
||||
if (amap->am_slots) {
|
||||
FREE(amap->am_slots, M_UVMAMAP);
|
||||
if (amap->am_bckptr)
|
||||
FREE(amap->am_bckptr, M_UVMAMAP);
|
||||
}
|
||||
amap->am_bckptr = malloc(totalslots * sizeof(int), M_UVMAMAP, waitf);
|
||||
if (amap->am_bckptr == NULL)
|
||||
goto fail2;
|
||||
|
||||
amap->am_anon = malloc(totalslots * sizeof(struct vm_anon *),
|
||||
M_UVMAMAP, waitf);
|
||||
if (amap->am_anon == NULL)
|
||||
goto fail3;
|
||||
|
||||
return(amap);
|
||||
|
||||
fail3:
|
||||
free(amap->am_bckptr, M_UVMAMAP);
|
||||
fail2:
|
||||
free(amap->am_slots, M_UVMAMAP);
|
||||
fail1:
|
||||
pool_put(&uvm_amap_pool, amap);
|
||||
return (NULL);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user