From 5cc6a542511400b9da60eb34507d6d6d4264615f Mon Sep 17 00:00:00 2001
From: cgd
Date: Tue, 6 Jul 1999 02:15:53 +0000
Subject: [PATCH] fix allocation handling bugs in amap_alloc1(). if the first or second sub-structure malloc() failed, it was quite likely that the function would return success incorrectly. This is this direct cause of the bug reported in PR#7897. (Thanks to chs for helping to track it down.)
---
 sys/uvm/uvm_amap.c | 37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/sys/uvm/uvm_amap.c b/sys/uvm/uvm_amap.c
index 1d596a703f99..6b313b6ecc07 100644
--- a/sys/uvm/uvm_amap.c
+++ b/sys/uvm/uvm_amap.c
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_amap.c,v 1.20 1999/04/11 04:04:11 chs Exp $ */
+/* $NetBSD: uvm_amap.c,v 1.21 1999/07/06 02:15:53 cgd Exp $ */
 /*
 *
@@ -191,23 +191,28 @@ amap_alloc1(slots, padslots, waitf)
 amap->am_maxslot = totalslots;
 amap->am_nslot = slots;
 amap->am_nused = 0;
- MALLOC(amap->am_slots, int *, totalslots * sizeof(int), M_UVMAMAP, waitf);
- if (amap->am_slots) {
- MALLOC(amap->am_bckptr, int *, totalslots * sizeof(int), M_UVMAMAP, waitf);
- if (amap->am_bckptr) {
- MALLOC(amap->am_anon, struct vm_anon **,
- totalslots * sizeof(struct vm_anon *), M_UVMAMAP, waitf);
- }
- }
- if (amap->am_anon)
- return(amap);
+ amap->am_slots = malloc(totalslots * sizeof(int), M_UVMAMAP,
+ waitf);
+ if (amap->am_slots == NULL)
+ goto fail1;
- if (amap->am_slots) {
- FREE(amap->am_slots, M_UVMAMAP);
- if (amap->am_bckptr)
- FREE(amap->am_bckptr, M_UVMAMAP);
- }
+ amap->am_bckptr = malloc(totalslots * sizeof(int), M_UVMAMAP, waitf);
+ if (amap->am_bckptr == NULL)
+ goto fail2;
+
+ amap->am_anon = malloc(totalslots * sizeof(struct vm_anon *),
+ M_UVMAMAP, waitf);
+ if (amap->am_anon == NULL)
+ goto fail3;
+
+ return(amap);
+
+fail3:
+ free(amap->am_bckptr, M_UVMAMAP);
+fail2:
+ free(amap->am_slots, M_UVMAMAP);
+fail1:
 pool_put(&uvm_amap_pool, amap);
 return (NULL);
 }
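Review bot: Nothing in the new allocation sequence of amap_alloc1() records why the `fail3`/`fail2`/`fail1` ladder is needed, and the reason is easy to lose: the removed code tested `amap->am_anon` and `amap->am_bckptr` on paths where they had never been assigned, so the success check depended on whatever the structure already held. A comment above the first `malloc()` would keep that invariant visible, for example `/* amap is not zeroed: am_slots, am_bckptr and am_anon are valid only once assigned below; unwind strictly in reverse order */`. That the structure is not zeroed is inferred from the bug description, since its allocation lies above the hunk, as does the computation of `totalslots`, so the `totalslots * sizeof(...)` sizes cannot be checked for overflow from here. The added `return(amap);` also differs in spacing from the `return (NULL);` at the end of the function.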