Kernel: Remove regions from the region tree after failing to map them

At the point at which we try to map the Region it was already added to the Process region tree, so we have to make sure to remove it before freeing it in the mapping failure path, otherwise the tree will contain a dangling pointer to the free'd instance.
Author: https://github.com/IdanHo Commit: 4edae21bd1 Pull-request: https://github.com/SerenityOS/serenity/pull/14863 Reviewed-by: https://github.com/awesomekling ✅
2025-08-30 14:20:21 +00:00 · 2022-08-15 01:32:45 +03:00 · 2022-08-15 01:32:45 +03:00 · 4edae21bd1 · 2024-07-17 08:14:23 +09:00
commit 4edae21bd1
parent ae8f1c7dc8
1 changed files with 8 additions and 1 deletions
--- a/Kernel/Memory/AddressSpace.cpp
+++ b/Kernel/Memory/AddressSpace.cpp
@ -217,7 +217,14 @@ ErrorOr<Region*> AddressSpace::allocate_region_with_vmobject(RandomizeVirtualAdd
        SpinlockLocker mm_locker(s_mm_lock);
        region->set_page_directory(page_directory());
    } else {
-        TRY(region->map(page_directory(), ShouldFlushTLB::No));
+        auto result = region->map(page_directory(), ShouldFlushTLB::No);
+        if (result.is_error()) [[unlikely]] {
+            // At this point the region is already part of the Process region tree, so we have to make sure
+            // we remove it from the tree before returning this error, or else the Region tree will contain
+            // a dangling pointer to the free'd Region instance
+            m_region_tree.remove(*region);
+            return result.release_error();
+        }
    }
    return region.leak_ptr();
 }