From owner-freebsd-bugs Tue Dec 16 02:00:07 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id CAA12737 for bugs-outgoing; Tue, 16 Dec 1997 02:00:07 -0800 (PST) (envelope-from owner-freebsd-bugs)
Received: (from gnats@localhost) by hub.freebsd.org (8.8.7/8.8.7) id CAA12703; Tue, 16 Dec 1997 02:00:03 -0800 (PST) (envelope-from gnats)
Date: Tue, 16 Dec 1997 02:00:03 -0800 (PST)
Message-Id: <199712161000.CAA12703@hub.freebsd.org>
To: freebsd-bugs
Cc:
From: Bruce Evans
Subject: Re: kern/5313: panic: free: multiple frees
Reply-To: Bruce Evans
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR kern/5313; it has been noted by GNATS.

From: Bruce Evans
To: dima@best.net, FreeBSD-gnats-submit@FreeBSD.ORG
Cc:
Subject: Re: kern/5313: panic: free: multiple frees
Date: Tue, 16 Dec 1997 20:53:06 +1100

>#9 0xf011329a in panic (fmt=0xf010fca7 "free: multiple frees")
> at ../../kern/kern_shutdown.c:388
>#10 0xf010fd87 in free (addr=0xf5dbd000, type=0x4a)
> at ../../kern/kern_malloc.c:342

There is one obvious problem. imgp->image_header needs to be cleared in both arms of the if statement (since it is always set). This fix has not been tested.

Bruce

diff -c2 kern_exec.c~ kern_exec.c *** kern_exec.c~ Mon Dec 8 06:07:52 1997 --- kern_exec.c Tue Dec 16 20:47:32 1997 *************** *** 219,226 **** brelse(bp); bp = NULL; ! } else { free((void *)imgp->image_header, M_TEMP); ! imgp->image_header = NULL; ! } /* free old vnode and name buffer */ vrele(ndp->ni_vp); --- 218,224 ---- brelse(bp); bp = NULL; ! } else free((void *)imgp->image_header, M_TEMP); ! imgp->image_header = NULL; /* free old vnode and name buffer */ vrele(ndp->ni_vp);
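
Review bot: in the new "} else" arm of kern_exec.c the braces are dropped while the if arm keeps its own, so the now-unconditional "imgp->image_header = NULL;" sits directly under an unbraced free() and is easy to misread as part of the else. Keeping the braces around the free() call, and adding a one-line comment that the pointer is cleared on both the brelse() path and the free() path, would make the intent explicit and guard against a later edit moving the assignment back into one arm. The message says the fix has not been tested, so a run of the case that produced the "free: multiple frees" panic would be worth having before this is committed.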