From cdd0cd6e2c8a8556477f7b22c32dd472af644d21 Mon Sep 17 00:00:00 2001
From: Ruslan Ermilov <ru@nginx.com>
Date: Sat, 3 Dec 2016 10:01:39 +0300
Subject: [PATCH] Slab: improved double free detection.

Previously, an attempt to double free the starting page of the
free range was not detected.
---
 src/core/ngx_slab.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/ngx_slab.c b/src/core/ngx_slab.c
index b2adbf423..0fc63b5c4 100644
--- a/src/core/ngx_slab.c
+++ b/src/core/ngx_slab.c
@@ -597,7 +597,7 @@ ngx_slab_free_locked(ngx_slab_pool_t *pool, void *p)
             goto wrong_chunk;
         }
 
-        if (slab == NGX_SLAB_PAGE_FREE) {
+        if (!(slab & NGX_SLAB_PAGE_START)) {
             ngx_slab_error(pool, NGX_LOG_ALERT,
                            "ngx_slab_free(): page is already free");
             goto fail;