From 72b8ff1c7449e51d5030596331c87215c4a4c82b Mon Sep 17 00:00:00 2001
From: Edward Tomasz Napierala
Date: Sat, 21 Apr 2012 10:45:46 +0000
Subject: [PATCH] Fix use-after-free introduced in r234036.
Reviewed by: mckusick
Tested by: pho
---
 sys/ufs/ffs/ffs_vfsops.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sys/ufs/ffs/ffs_vfsops.c b/sys/ufs/ffs/ffs_vfsops.c
index 974d27aae862..9aff694e83fc 100644
--- a/sys/ufs/ffs/ffs_vfsops.c
+++ b/sys/ufs/ffs/ffs_vfsops.c
@@ -699,10 +699,14 @@ ffs_reload(struct mount *mp, struct thread *td)
 * We no longer know anything about clusters per cylinder group.
 */
 if (fs->fs_contigsumsize > 0) {
- lp = fs->fs_maxcluster;
+ fs->fs_maxcluster = lp = space;
 for (i = 0; i < fs->fs_ncg; i++)
 *lp++ = fs->fs_contigsumsize;
+ space = lp;
 }
+ size = fs->fs_ncg * sizeof(u_int8_t);
+ fs->fs_contigdirs = (u_int8_t *)space;
+ bzero(fs->fs_contigdirs, size);
 loop:
 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
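Review bot: The new stores through `lp` and the `bzero(fs->fs_contigdirs, size)` write `fs_ncg * sizeof(*lp)` plus `fs_ncg` bytes starting at `space`, but the allocation that must reserve that room is outside this hunk and nothing here ties the two together. Confirm the allocation uses the same `fs->fs_contigsumsize > 0` condition and the same two sizes; otherwise these writes run past the end of the buffer. Since the bug being fixed is stale pointers into a replaced buffer, a comment above the `if` would help the next reader, for example `/* fs_maxcluster and fs_contigdirs point into the buffer behind 'space'; re-derive both whenever that buffer is reallocated. */`. `fs_ncg` presumably comes from the superblock just re-read from disk, so it is worth checking that it is validated before it bounds the loop and the `bzero`. `ffs_reload` begins and ends outside the hunk, so the allocation and any such validation are not visible here.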