diff options
| author | Martin Pieuchot <mpi@cvs.openbsd.org> | 2021-12-21 22:21:33 +0000 |
|---|---|---|
| committer | Martin Pieuchot <mpi@cvs.openbsd.org> | 2021-12-21 22:21:33 +0000 |
| commit | 1d3b6ce323b6bd2ea678d6e43758b2c11371acf1 (patch) | |
| tree | b8bf32601a0afc96aadd6102a73ecc2c1464902b | |
| parent | 97f912c505eb8f2f491db4874ee9e4d4b545057c (diff) | |
Fix a typo in mlock(2) error path triggering a double-free.
Pass the correct entry to uvm_fault_unwire_locked().
Reported-by: syzbot+bb2f63f076618e9ed0d3@syzkaller.appspotmail.com
ok kettenis@, deraadt@
| -rw-r--r-- | sys/uvm/uvm_map.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/uvm/uvm_map.c b/sys/uvm/uvm_map.c index d4e420d4c1e..c931418f753 100644 --- a/sys/uvm/uvm_map.c +++ b/sys/uvm/uvm_map.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_map.c,v 1.281 2021/12/15 12:53:53 mpi Exp $ */ +/* $OpenBSD: uvm_map.c,v 1.282 2021/12/21 22:21:32 mpi Exp $ */ /* $NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $ */ /* @@ -2420,7 +2420,7 @@ uvm_map_pageable_wire(struct vm_map *map, struct vm_map_entry *first, first->wired_count--; if (!VM_MAPENT_ISWIRED(first)) { uvm_fault_unwire_locked(map, - iter->start, iter->end); + first->start, first->end); } } |