* Re: [patch] NFC: st21nfcb: double free on allocation error
@ 2014-08-09 21:49 Christophe RICARD
0 siblings, 0 replies; 2+ messages in thread
From: Christophe RICARD @ 2014-08-09 21:49 UTC (permalink / raw)
To: kernel-janitors
Hi Dan,
A patch fixing this issue got already sent to the linux-nfc mailing
list.
Here is a pointer to the patch:
https://lists.01.org/pipermail/linux-nfc/2014-July/002647.html
You are welcome to comment if anything is wrong.
Best Regards
Christophe
On Thu, 31 Jul 2014 12:41:23 +0300
Dan Carpenter <dan.carpenter@oracle.com> wrote:
> "info" is allocated with devm_kzalloc() so calling kfree() here will
> lead to a double free.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/drivers/nfc/st21nfcb/st21nfcb.c
> b/drivers/nfc/st21nfcb/st21nfcb.c index 4d95863..6944f9e 100644
> --- a/drivers/nfc/st21nfcb/st21nfcb.c
> +++ b/drivers/nfc/st21nfcb/st21nfcb.c
> @@ -94,8 +94,7 @@ int st21nfcb_nci_probe(struct llt_ndlc *ndlc, int
> phy_headroom, phy_headroom, phy_tailroom);
> if (!ndlc->ndev) {
> pr_err("Cannot allocate nfc ndev\n");
> - r = -ENOMEM;
> - goto err_alloc_ndev;
> + return -ENOMEM;
> }
> info->ndlc = ndlc;
>
> @@ -109,8 +108,6 @@ int st21nfcb_nci_probe(struct llt_ndlc *ndlc, int
> phy_headroom, err_regdev:
> nci_free_device(ndlc->ndev);
>
> -err_alloc_ndev:
> - kfree(info);
> return r;
> }
> EXPORT_SYMBOL_GPL(st21nfcb_nci_probe);
^ permalink raw reply [flat|nested] 2+ messages in thread
* [patch] NFC: st21nfcb: double free on allocation error
@ 2014-07-31 9:41 Dan Carpenter
0 siblings, 0 replies; 2+ messages in thread
From: Dan Carpenter @ 2014-07-31 9:41 UTC (permalink / raw)
To: kernel-janitors
"info" is allocated with devm_kzalloc() so calling kfree() here will
lead to a double free.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/drivers/nfc/st21nfcb/st21nfcb.c b/drivers/nfc/st21nfcb/st21nfcb.c
index 4d95863..6944f9e 100644
--- a/drivers/nfc/st21nfcb/st21nfcb.c
+++ b/drivers/nfc/st21nfcb/st21nfcb.c
@@ -94,8 +94,7 @@ int st21nfcb_nci_probe(struct llt_ndlc *ndlc, int phy_headroom,
phy_headroom, phy_tailroom);
if (!ndlc->ndev) {
pr_err("Cannot allocate nfc ndev\n");
- r = -ENOMEM;
- goto err_alloc_ndev;
+ return -ENOMEM;
}
info->ndlc = ndlc;
@@ -109,8 +108,6 @@ int st21nfcb_nci_probe(struct llt_ndlc *ndlc, int phy_headroom,
err_regdev:
nci_free_device(ndlc->ndev);
-err_alloc_ndev:
- kfree(info);
return r;
}
EXPORT_SYMBOL_GPL(st21nfcb_nci_probe);
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-08-09 21:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-09 21:49 [patch] NFC: st21nfcb: double free on allocation error Christophe RICARD
-- strict thread matches above, loose matches on Subject: below --
2014-07-31 9:41 Dan Carpenter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.