Correct a reference counting bug in shmat(2). If vm_map_find(9)

failed, the reference count for the virtual memory object referenced by the specified shared memory segment would have been erroneously incremented. Reported by: Joost Pol <joost@pine.nl>
2004-02-05 18:00:35 +00:00 · 2004-02-05 18:00:35 +00:00 · 6eba071b9a
commit 6eba071b9a
parent d9a02c577a
1 changed files with 1 additions and 0 deletions
--- a/sys/kern/sysv_shm.c
+++ b/sys/kern/sysv_shm.c
@ -378,6 +378,7 @@ kern_shmat(td, shmid, shmaddr, shmflg)
 	rv = vm_map_find(&p->p_vmspace->vm_map, shm_handle->shm_object,
 		0, &attach_va, size, (flags & MAP_FIXED)?0:1, prot, prot, 0);
 	if (rv != KERN_SUCCESS) {
+		vm_object_deallocate(shm_handle->shm_object);
 		error = ENOMEM;
 		goto done2;
 	}