From b00a3c85dac8a3429a32782735dd697746f31302 Mon Sep 17 00:00:00 2001 From: Jacques Vidrine Date: Thu, 5 Feb 2004 18:00:35 +0000 Subject: [PATCH] Correct a reference counting bug in shmat(2). If vm_map_find(9) failed, the reference count for the virtual memory object referenced by the specified shared memory segment would have been erroneously incremented. Reported by: Joost Pol --- sys/kern/sysv_shm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/sysv_shm.c b/sys/kern/sysv_shm.c index 32663e41a62..80fa0de04bb 100644 --- a/sys/kern/sysv_shm.c +++ b/sys/kern/sysv_shm.c @@ -378,6 +378,7 @@ kern_shmat(td, shmid, shmaddr, shmflg) rv = vm_map_find(&p->p_vmspace->vm_map, shm_handle->shm_object, 0, &attach_va, size, (flags & MAP_FIXED)?0:1, prot, prot, 0); if (rv != KERN_SUCCESS) { + vm_object_deallocate(shm_handle->shm_object); error = ENOMEM; goto done2; }