From caceaebff41c5ff70b85af601300aeb14082f209 Mon Sep 17 00:00:00 2001
From: ngie
Date: Fri, 10 Jun 2016 14:45:20 +0000
Subject: [PATCH] MFC r299494: r299494 (by cem): subr_vmem: Fix double-free in error case of vmem_create If vmem_init() fails, 'vm' is already destroyed and freed. Don't free it again. CID: 1042110 git-svn-id: svn://svn.freebsd.org/base/stable/10@301791 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 sys/kern/subr_vmem.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/sys/kern/subr_vmem.c b/sys/kern/subr_vmem.c
index 80940be44..2ec45c384 100644
--- a/sys/kern/subr_vmem.c
+++ b/sys/kern/subr_vmem.c
@@ -1046,10 +1046,8 @@ vmem_create(const char *name, vmem_addr_t base, vmem_size_t size,
 if (vm == NULL)
 return (NULL);
 if (vmem_init(vm, name, base, size, quantum, qcache_max,
- flags) == NULL) {
- free(vm, M_VMEM);
+ flags) == NULL)
 return (NULL);
- }
 return (vm);
 }
-- 
2.45.0
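Review bot: The failure branch after `vmem_init()` now returns without releasing `vm`, but nothing at the call site records that `vmem_init()` has already destroyed and freed it; that contract is stated only in the commit message, and `vmem_init()` itself is not part of this hunk. A later reader who sees `vm` allocated above the hunk and then a bare `return (NULL);` could take it for a leak and restore `free(vm, M_VMEM);`, which would bring the double free back. I would add a comment directly above that `return (NULL);`, for example `/* vmem_init() destroys and frees vm on failure; do not free it again. */`. vmem_create() begins outside the hunk, so the allocation of `vm` is not visible here.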