Message ID | 1337173681-25891-4-git-send-email-jim@meyering.net |
---|---|
State | New |
On 16 May 2012 14:07, Jim Meyering <jim@meyering.net> wrote: > From: Jim Meyering <meyering@redhat.com> > > > Signed-off-by: Jim Meyering <meyering@redhat.com> > --- > linux-user/syscall.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/linux-user/syscall.c b/linux-user/syscall.c > index 20d2a74..bdf8ce0 100644 > --- a/linux-user/syscall.c > +++ b/linux-user/syscall.c > @@ -2814,6 +2814,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, > end: > if (target_mb) > unlock_user_struct(target_mb, msgp, 1); > + free(host_mb); > return ret; > } This will cause us to free() host_mb twice in the normal-return case. -- PMM
Peter Maydell wrote: > On 16 May 2012 14:07, Jim Meyering <jim@meyering.net> wrote: >> From: Jim Meyering <meyering@redhat.com> >> >> >> Signed-off-by: Jim Meyering <meyering@redhat.com> >> --- >> linux-user/syscall.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/linux-user/syscall.c b/linux-user/syscall.c >> index 20d2a74..bdf8ce0 100644 >> --- a/linux-user/syscall.c >> +++ b/linux-user/syscall.c >> @@ -2814,6 +2814,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, >> end: >> if (target_mb) >> unlock_user_struct(target_mb, msgp, 1); >> + free(host_mb); >> return ret; >> } > > This will cause us to free() host_mb twice in the normal-return case. Good catch. Thanks. V2 corrects that.
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 20d2a74..bdf8ce0 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2814,6 +2814,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, end: if (target_mb) unlock_user_struct(target_mb, msgp, 1); + free(host_mb); return ret; }
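Review bot: the `free(host_mb);` added under the `end:` label runs on every path that reaches the label, including the fall-through from a successful call, and the reply in this thread points out that the normal-return path already frees host_mb, so that path frees the pointer twice. Make the label the single release point by dropping the earlier free, or set host_mb to NULL right after the earlier free so that the second call is a no-op. The hunk also does not show how host_mb is initialised: if any `goto end` can be taken before host_mb is assigned, it needs to start as NULL, otherwise the new line frees an uninitialised pointer. The message body quoted here carries only the Signed-off-by, so a sentence naming the error path that leaks would help reviewers check that the fix covers it.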