pipe_create has to zero out the select record earlier to avoid

returning a half-initialized pipe and causing pipeclose() to follow a junk pointer. Discovered by: "Nick S" <snicko@noid.org>
2001-05-17 17:59:28 +00:00 · 2001-05-17 17:59:28 +00:00 · 82a283fcf3
commit 82a283fcf3
parent 268511689c
1 changed files with 1 additions and 1 deletions
--- a/sys/kern/sys_pipe.c
+++ b/sys/kern/sys_pipe.c
@ -306,6 +306,7 @@ pipe_create(cpipep)
 	 * protect so pipeclose() doesn't follow a junk pointer
 	 * if pipespace() fails.
 	 */
+	bzero(&cpipe->pipe_sel, sizeof(cpipe->pipe_sel));
 	cpipe->pipe_state = 0;
 	cpipe->pipe_peer = NULL;
 	cpipe->pipe_busy = 0;
@ -329,7 +330,6 @@ pipe_create(cpipep)
 	vfs_timestamp(&cpipe->pipe_ctime);
 	cpipe->pipe_atime = cpipe->pipe_ctime;
 	cpipe->pipe_mtime = cpipe->pipe_ctime;
-	bzero(&cpipe->pipe_sel, sizeof cpipe->pipe_sel);

 	return (0);
 }