fix allocation handling bugs in amap_alloc1(). if the first or second

sub-structure malloc() failed, it was quite likely that the function would return success incorrectly. This is this direct cause of the bug reported in PR#7897. (Thanks to chs for helping to track it down.)
1999-07-06 02:15:53 +00:00 · 1999-07-06 02:15:53 +00:00 · 5cc6a54251
parent 2842a2f6bb
commit 5cc6a54251
1 changed files with 21 additions and 16 deletions
--- a/sys/uvm/uvm_amap.c
+++ b/sys/uvm/uvm_amap.c
@ -1,4 +1,4 @@
-/*	$NetBSD: uvm_amap.c,v 1.20 1999/04/11 04:04:11 chs Exp $	*/
+/*	$NetBSD: uvm_amap.c,v 1.21 1999/07/06 02:15:53 cgd Exp $	*/

 /*
 *
@ -191,23 +191,28 @@ amap_alloc1(slots, padslots, waitf)
 	amap->am_maxslot = totalslots;
 	amap->am_nslot = slots;
 	amap->am_nused = 0;
-	MALLOC(amap->am_slots,  int *, totalslots * sizeof(int), M_UVMAMAP, waitf);
-	if (amap->am_slots) {
-		MALLOC(amap->am_bckptr, int *, totalslots * sizeof(int), M_UVMAMAP, waitf);
-		if (amap->am_bckptr) {
-			MALLOC(amap->am_anon, struct vm_anon **, 
-			    totalslots * sizeof(struct vm_anon *), M_UVMAMAP, waitf);
-		}
-	}

-	if (amap->am_anon)
-		return(amap);
+	amap->am_slots = malloc(totalslots * sizeof(int), M_UVMAMAP,
+	    waitf);
+	if (amap->am_slots == NULL)
+		goto fail1;

-	if (amap->am_slots) {
-		FREE(amap->am_slots, M_UVMAMAP);
-		if (amap->am_bckptr)
-			FREE(amap->am_bckptr, M_UVMAMAP);
-	}
+	amap->am_bckptr = malloc(totalslots * sizeof(int), M_UVMAMAP, waitf);
+	if (amap->am_bckptr == NULL)
+		goto fail2;
+
+	amap->am_anon = malloc(totalslots * sizeof(struct vm_anon *),
+	    M_UVMAMAP, waitf);
+	if (amap->am_anon == NULL)
+		goto fail3;
+
+	return(amap);
+
+fail3:
+	free(amap->am_bckptr, M_UVMAMAP);
+fail2:
+	free(amap->am_slots, M_UVMAMAP);
+fail1:
 	pool_put(&uvm_amap_pool, amap);
 	return (NULL);
 }