[PATCH] gpiolib: Fix use after free in gpiochip_add_pin_range

From: Axel Lin
Date: Wed Nov 21 2012 - 01:33:57 EST


This use after free was introduced by commit 9ab6e988
"gpiolib: return any error code from range creation".

Signed-off-by: Axel Lin <axel.lin@xxxxxxxxxx>
---
This patch is against LinusW's linux-pinctrl tree, for-next branch.
Axel
drivers/gpio/gpiolib.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index 317ff04..8370214 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -1201,6 +1201,7 @@ int gpiochip_add_pin_range(struct gpio_chip *chip, const char *pinctl_name,
unsigned int npins)
{
struct gpio_pin_range *pin_range;
+ int ret;

pin_range = kzalloc(sizeof(*pin_range), GFP_KERNEL);
if (!pin_range) {
@@ -1219,10 +1220,11 @@ int gpiochip_add_pin_range(struct gpio_chip *chip, const char *pinctl_name,
pin_range->pctldev = pinctrl_find_and_add_gpio_range(pinctl_name,
&pin_range->range);
if (IS_ERR(pin_range->pctldev)) {
+ ret = PTR_ERR(pin_range->pctldev);
pr_err("%s: GPIO chip: could not create pin range\n",
chip->label);
kfree(pin_range);
- return PTR_ERR(pin_range->pctldev);
+ return ret;
}
pr_debug("%s: GPIO chip: created GPIO range %d->%d ==> PIN %d->%d\n",
chip->label, offset, offset + npins - 1,
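Review bot: Nothing in the `IS_ERR()` branch says why `ret` has to be captured before `kfree(pin_range)`, so a later cleanup could fold it back into `return PTR_ERR(pin_range->pctldev);` and reintroduce the read from freed memory. A one-line comment above the assignment would pin the ordering down, for example `/* pctldev is a member of pin_range: read the error before kfree() */`. Since the error code is now held in `ret`, the `pr_err()` could also print it (`"%s: GPIO chip: could not create pin range (%d)\n", chip->label, ret`), which would make the failure easier to diagnose from the log. The body of gpiochip_add_pin_range() starts and ends outside this hunk.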
--
1.7.9.5


