diff options
author | Mark Kettenis <kettenis@cvs.openbsd.org> | 2008-02-21 10:40:49 +0000 |
---|---|---|
committer | Mark Kettenis <kettenis@cvs.openbsd.org> | 2008-02-21 10:40:49 +0000 |
commit | fe18380ae8decc4fcc1ea78ae391c603818db7e5 (patch) | |
tree | 53d7738c7aa863de928c9e3c1aa573089f5a8823 | |
parent | 9a05d826f205eb4975004b79fa5c9a8423b8a16b (diff) |
Prevent possible free list corruption when malloc(9) sleeps.
From NetBSD, kindly pointed out by YAMAMOTO Takashi.
ok miod@
-rw-r--r-- | sys/kern/kern_malloc.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c index a344160b7ed..a0569254c6a 100644 --- a/sys/kern/kern_malloc.c +++ b/sys/kern/kern_malloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_malloc.c,v 1.73 2007/09/15 10:10:37 martin Exp $ */ +/* $OpenBSD: kern_malloc.c,v 1.74 2008/02/21 10:40:48 kettenis Exp $ */ /* $NetBSD: kern_malloc.c,v 1.15.4.2 1996/06/13 17:10:56 cgd Exp $ */ /* @@ -196,7 +196,6 @@ malloc(unsigned long size, int type, int flags) copysize = 1 << indx < MAX_COPY ? 1 << indx : MAX_COPY; #endif if (kbp->kb_next == NULL) { - kbp->kb_last = NULL; if (size > MAXALLOCSAVE) allocsize = round_page(size); else @@ -261,7 +260,7 @@ malloc(unsigned long size, int type, int flags) freep->next = cp; } freep->next = savedlist; - if (kbp->kb_last == NULL) + if (savedlist == NULL) kbp->kb_last = (caddr_t)freep; } va = kbp->kb_next; |