Kernel: Remove regions from the region tree after failing to map them

At the point at which we try to map the Region it was already added to
the Process region tree, so we have to make sure to remove it before
freeing it in the mapping failure path, otherwise the tree will contain
a dangling pointer to the free'd instance.

1 files changed, 8 insertions, 1 deletions

diff --git a/Kernel/Memory/AddressSpace.cpp b/Kernel/Memory/AddressSpace.cpp
index 7f3bb554e0..01964f324b 100644
--- a/Kernel/Memory/AddressSpace.cpp
+++ b/Kernel/Memory/AddressSpace.cpp
@@ -217,7 +217,14 @@ ErrorOr<Region*> AddressSpace::allocate_region_with_vmobject(RandomizeVirtualAdd
         SpinlockLocker mm_locker(s_mm_lock);
         region->set_page_directory(page_directory());
     } else {
-        TRY(region->map(page_directory(), ShouldFlushTLB::No));
+        auto result = region->map(page_directory(), ShouldFlushTLB::No);
+        if (result.is_error()) [[unlikely]] {
+            // At this point the region is already part of the Process region tree, so we have to make sure
+            // we remove it from the tree before returning this error, or else the Region tree will contain
+            // a dangling pointer to the free'd Region instance
+            m_region_tree.remove(*region);
+            return result.release_error();
+        }
     }
     return region.leak_ptr();
 }