From 459cd0201ddcf7811c762eafc5f676c4e0c2bfb2 Mon Sep 17 00:00:00 2001
From: tholo <>
Date: Thu, 19 Sep 1996 20:38:48 +0000
Subject: [PATCH] From FreeBSD: > Fix a very rare error condition:  The code to
 free VM back to the kernel > as done after a quasi-recursive call to free()
 had modified what we > thought we knew about the last chunk of pages. > This
 bug manifested itself when I did a "make obj" from src/usr.sbin/lpr, > then
 make would coredump in the lpd directory.

---
 src/lib/libc/stdlib/malloc.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c
index 780980e7..bff70c7b 100644
--- a/src/lib/libc/stdlib/malloc.c
+++ b/src/lib/libc/stdlib/malloc.c
@@ -8,7 +8,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: malloc.c,v 1.12 1996/09/16 05:43:40 tholo Exp $";
+static char rcsid[] = "$OpenBSD: malloc.c,v 1.13 1996/09/19 20:38:48 tholo Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 /*
@@ -1019,7 +1019,7 @@ free_pages(ptr, index, info)
     struct pginfo *info;
 {
     int i;
-    struct pgfree *pf,*pt;
+    struct pgfree *pf,*pt=0;
     u_long l;
     void *tail;
 
@@ -1090,7 +1090,6 @@ free_pages(ptr, index, info)
 		pf->next = pt->next;
 		if (pf->next)
 		    pf->next->prev = pf;
-		free(pt);
 	    }
 	} else if (pf->page == tail) {
 	    /* Prepend to entry */
@@ -1132,6 +1131,8 @@ free_pages(ptr, index, info)
 
 	/* XXX: We could realloc/shrink the pagedir here I guess. */
     }
+    if (pt)
+	free(pt);
 }
 
 /*