summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMark Kettenis <kettenis@cvs.openbsd.org>2008-02-21 10:40:49 +0000
committerMark Kettenis <kettenis@cvs.openbsd.org>2008-02-21 10:40:49 +0000
commitfe18380ae8decc4fcc1ea78ae391c603818db7e5 (patch)
tree53d7738c7aa863de928c9e3c1aa573089f5a8823
parent9a05d826f205eb4975004b79fa5c9a8423b8a16b (diff)
Prevent possible free list corruption when malloc(9) sleeps.
From NetBSD, kindly pointed out by YAMAMOTO Takashi. ok miod@
-rw-r--r--sys/kern/kern_malloc.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c
index a344160b7ed..a0569254c6a 100644
--- a/sys/kern/kern_malloc.c
+++ b/sys/kern/kern_malloc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_malloc.c,v 1.73 2007/09/15 10:10:37 martin Exp $ */
+/* $OpenBSD: kern_malloc.c,v 1.74 2008/02/21 10:40:48 kettenis Exp $ */
/* $NetBSD: kern_malloc.c,v 1.15.4.2 1996/06/13 17:10:56 cgd Exp $ */
/*
@@ -196,7 +196,6 @@ malloc(unsigned long size, int type, int flags)
copysize = 1 << indx < MAX_COPY ? 1 << indx : MAX_COPY;
#endif
if (kbp->kb_next == NULL) {
- kbp->kb_last = NULL;
if (size > MAXALLOCSAVE)
allocsize = round_page(size);
else
@@ -261,7 +260,7 @@ malloc(unsigned long size, int type, int flags)
freep->next = cp;
}
freep->next = savedlist;
- if (kbp->kb_last == NULL)
+ if (savedlist == NULL)
kbp->kb_last = (caddr_t)freep;
}
va = kbp->kb_next;