From 07bdd2da84aefcd4aea33b9d8634a6eaae2d4409 Mon Sep 17 00:00:00 2001
From: otto <>
Date: Wed, 29 Feb 2012 08:44:14 +0000
Subject: - Test for the retrieved page address not being NULL. This turns
 free((void*)1) into a bogus pointer error instead of a segfault. -
 Document that we use the assumption that a non-MAP_FIXED mmap() with hint 0
 never returns NULL.

---
 src/lib/libc/stdlib/malloc.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c
index 5fc75c2c75..6aba00e4a0 100644
--- a/src/lib/libc/stdlib/malloc.c
+++ b/src/lib/libc/stdlib/malloc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: malloc.c,v 1.140 2011/10/06 14:37:04 otto Exp $	*/
+/*	$OpenBSD: malloc.c,v 1.141 2012/02/29 08:44:14 otto Exp $	*/
 /*
  * Copyright (c) 2008 Otto Moerbeek <otto@drijf.net>
  *
@@ -724,6 +724,11 @@ alloc_chunk_info(struct dir_info *d, int bits)
 	return p;
 }
 
+
+/* 
+ * The hashtable uses the assumption that p is never NULL. This holds since
+ * non-MAP_FIXED mappings with hint 0 start at BRKSIZ.
+ */
 static int
 insert(struct dir_info *d, void *p, size_t sz, void *f)
 {
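Review bot: The comment added above insert() records the "p is never NULL" invariant, but nothing visible in this hunk enforces it, and insert()'s body lies outside the hunk, so it cannot be told from here whether p is checked. The table appears to use a NULL pointer as its empty-slot marker (see the `r != NULL` test added to find() in the next hunk), so the comment should say what breaks if the assumption fails, for example `NULL marks an empty slot, so a region inserted with p == NULL could never be found again`. The BRKSIZ argument depends on the platform's address-space layout, which is worth stating as well. As a style point, the `/* ` line carries trailing whitespace and the extra added blank line leaves two blank lines before the comment.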
@@ -774,7 +779,7 @@ find(struct dir_info *d, void *p)
 		q = MASK_POINTER(r);
 		STATS_INC(d->find_collisions);
 	}
-	return q == p ? &d->r[index] : NULL;
+	return (q == p && r != NULL) ? &d->r[index] : NULL;
 }
 
 static void
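Review bot: The `r != NULL` test added to the return in find() has no comment, and the line itself does not show why `q == p` alone is insufficient. Presumably a bogus pointer such as `(void *)1` masks to the same value as an empty slot, so the old code returned an unused entry; a comment above the return such as `/* an empty slot masks to 0; never let it match a bogus sub-page pointer */` would keep that reasoning next to the check. The lookup loop in find() starts outside the hunk, so the new test may repeat the loop's exit condition. If it does, an explicit `if (r == NULL) return NULL;` right after the loop would state the intent more directly.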
-- 
cgit v1.2.3-55-g6feb