From 1a191c166c446b21f515429fc9987e5a7add5ae5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn-Egil=20Dahlberg?= <egil@erlang.org>
Date: Fri, 10 Apr 2015 15:12:45 +0200
Subject: erts: Fix building of Map result from match_specs

A faulty "box-value" entered into the heap which could cause
a segmentation fault in the garbage collector if it was written
on a heap fragment.
---
 erts/emulator/beam/erl_db_util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/erts/emulator/beam/erl_db_util.c b/erts/emulator/beam/erl_db_util.c
index 0bf562d937..0fb1c397c9 100644
--- a/erts/emulator/beam/erl_db_util.c
+++ b/erts/emulator/beam/erl_db_util.c
@@ -2153,8 +2153,8 @@ restart:
 	    break;
         case matchMkFlatMap:
             n = *pc++;
-            ehp = HAllocX(build_proc, 1 + MAP_HEADER_FLATMAP_SZ + n, HEAP_XTRA);
-            t = *ehp++ = *--esp;
+            ehp = HAllocX(build_proc, MAP_HEADER_FLATMAP_SZ + n, HEAP_XTRA);
+            t = *--esp;
             {
                 flatmap_t *m = (flatmap_t *)ehp;
                 m->thing_word = MAP_HEADER_FLATMAP;
-- 
cgit v1.2.3