* [PATCH] memstick: fix a double-free bug in memstick_check
@ 2020-11-20 7:48 Qinglang Miao
2020-11-23 16:07 ` Ulf Hansson
0 siblings, 1 reply; 2+ messages in thread
From: Qinglang Miao @ 2020-11-20 7:48 UTC (permalink / raw)
To: Maxim Levitsky, Alex Dubov, Ulf Hansson
Cc: linux-mmc, linux-kernel, Qinglang Miao
kfree(host->card) has been called in put_device so that
another kfree would raise cause a double-free bug.
Fixes: 0193383a5833 ("memstick: core: fix device_register() error handling")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
---
drivers/memstick/core/memstick.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c
index ef03d6faf..12bc3f5a6 100644
--- a/drivers/memstick/core/memstick.c
+++ b/drivers/memstick/core/memstick.c
@@ -468,7 +468,6 @@ static void memstick_check(struct work_struct *work)
host->card = card;
if (device_register(&card->dev)) {
put_device(&card->dev);
- kfree(host->card);
host->card = NULL;
}
} else
--
2.23.0
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH] memstick: fix a double-free bug in memstick_check
2020-11-20 7:48 [PATCH] memstick: fix a double-free bug in memstick_check Qinglang Miao
@ 2020-11-23 16:07 ` Ulf Hansson
0 siblings, 0 replies; 2+ messages in thread
From: Ulf Hansson @ 2020-11-23 16:07 UTC (permalink / raw)
To: Qinglang Miao
Cc: Maxim Levitsky, Alex Dubov, linux-mmc, Linux Kernel Mailing List
On Fri, 20 Nov 2020 at 08:44, Qinglang Miao <miaoqinglang@huawei.com> wrote:
>
> kfree(host->card) has been called in put_device so that
> another kfree would raise cause a double-free bug.
>
> Fixes: 0193383a5833 ("memstick: core: fix device_register() error handling")
> Reported-by: Hulk Robot <hulkci@huawei.com>
> Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
Applied for next, thanks!
Kind regards
Uffe
> ---
> drivers/memstick/core/memstick.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c
> index ef03d6faf..12bc3f5a6 100644
> --- a/drivers/memstick/core/memstick.c
> +++ b/drivers/memstick/core/memstick.c
> @@ -468,7 +468,6 @@ static void memstick_check(struct work_struct *work)
> host->card = card;
> if (device_register(&card->dev)) {
> put_device(&card->dev);
> - kfree(host->card);
> host->card = NULL;
> }
> } else
> --
> 2.23.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-11-23 16:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-20 7:48 [PATCH] memstick: fix a double-free bug in memstick_check Qinglang Miao
2020-11-23 16:07 ` Ulf Hansson
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).