From 82a283fcf35892b4d66750c87224b5135ceff67d Mon Sep 17 00:00:00 2001
From: Alfred Perlstein <alfred@FreeBSD.org>
Date: Thu, 17 May 2001 17:59:28 +0000
Subject: [PATCH] pipe_create has to zero out the select record earlier to
 avoid returning a half-initialized pipe and causing pipeclose() to follow a
 junk pointer.

Discovered by: "Nick S" <snicko@noid.org>
---
 sys/kern/sys_pipe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c
index 238ace1251e4..aff33476b7d9 100644
--- a/sys/kern/sys_pipe.c
+++ b/sys/kern/sys_pipe.c
@@ -306,6 +306,7 @@ pipe_create(cpipep)
 	 * protect so pipeclose() doesn't follow a junk pointer
 	 * if pipespace() fails.
 	 */
+	bzero(&cpipe->pipe_sel, sizeof(cpipe->pipe_sel));
 	cpipe->pipe_state = 0;
 	cpipe->pipe_peer = NULL;
 	cpipe->pipe_busy = 0;
@@ -329,7 +330,6 @@ pipe_create(cpipep)
 	vfs_timestamp(&cpipe->pipe_ctime);
 	cpipe->pipe_atime = cpipe->pipe_ctime;
 	cpipe->pipe_mtime = cpipe->pipe_ctime;
-	bzero(&cpipe->pipe_sel, sizeof cpipe->pipe_sel);
 
 	return (0);
 }