Revision 4958cf32f66df854b932b601eef2da3f95973339 authored by Alexey Khoroshilov on 10 August 2014, 16:35:11 UTC, committed by Felipe Balbi on 19 August 2014, 14:21:46 UTC
After dbgp_bind()-dbgp_unbind() cycle happens, static variable dbgp contains pointers to already deallocated memory (dbgp.serial and dbgp.req). If the next dbgp_bind() fails, for example in usb_ep_alloc_request(), dbgp_bind() calls dbgp_unbind() on failure path, and dbgp_unbind() frees dbgp.serial that still stores a pointer to already deallocated memory. The patch sets pointers to NULL in dbgp_unbind(). Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Signed-off-by: Felipe Balbi <balbi@ti.com>
1 parent 0c58240
| File | Mode | Size |
|---|---|---|
| 6lowpan | ||
| 802 | ||
| 8021q | ||
| 9p | ||
| appletalk | ||
| atm | ||
| ax25 | ||
| batman-adv | ||
| bluetooth | ||
| bridge | ||
| caif | ||
| can | ||
| ceph | ||
| core | ||
| dcb | ||
| dccp | ||
| decnet | ||
| dns_resolver | ||
| dsa | ||
| ethernet | ||
| hsr | ||
| ieee802154 | ||
| ipv4 | ||
| ipv6 | ||
| ipx | ||
| irda | ||
| iucv | ||
| key | ||
| l2tp | ||
| lapb | ||
| llc | ||
| mac80211 | ||
| mac802154 | ||
| mpls | ||
| netfilter | ||
| netlabel | ||
| netlink | ||
| netrom | ||
| nfc | ||
| openvswitch | ||
| packet | ||
| phonet | ||
| rds | ||
| rfkill | ||
| rose | ||
| rxrpc | ||
| sched | ||
| sctp | ||
| sunrpc | ||
| tipc | ||
| unix | ||
| vmw_vsock | ||
| wimax | ||
| wireless | ||
| x25 | ||
| xfrm | ||
| Kconfig | -rw-r--r-- | 11.7 KB |
| Makefile | -rw-r--r-- | 2.1 KB |
| compat.c | -rw-r--r-- | 24.8 KB |
| nonet.c | -rw-r--r-- | 552 bytes |
| socket.c | -rw-r--r-- | 83.6 KB |
| sysctl_net.c | -rw-r--r-- | 2.8 KB |
Computing file changes ...
