[patch] dereferencing freed in saa5249.c
From: Dan Carpenter
Date: Fri Apr 10 2009 - 05:01:33 EST
I moved the kfree() down a couple lines. t->vdev is going to be in freed
memory so there is no point setting it to NULL. I added a kfree(t) on a
different error path.
regards,
dan carpenter
Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
--- orig/drivers/media/video/saa5249.c 2009-04-09 23:54:15.000000000 +0300
+++ devel/drivers/media/video/saa5249.c 2009-04-09 23:59:16.000000000 +0300
@@ -598,6 +598,7 @@
/* Now create a video4linux device */
t->vdev = video_device_alloc();
if (t->vdev == NULL) {
+ kfree(t);
kfree(client);
return -ENOMEM;
}
@@ -617,9 +618,8 @@
/* Register it */
err = video_register_device(t->vdev, VFL_TYPE_VTX, -1);
if (err < 0) {
- kfree(t);
video_device_release(t->vdev);
- t->vdev = NULL;
+ kfree(t);
return err;
}
return 0;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/