Re: nfc: pn533: suspected double free when pn533_fill_fragment_skbs() return value <= 0

From: Krzysztof Kozlowski
Date: Fri Nov 05 2021 - 06:10:39 EST

Next message: Ville Syrjälä: "Re: [PATCH v5 2/3] drm: Add Gamma and Degamma LUT sizes props to drm_crtc to validate."
Previous message: Catalin Marinas: "Re: [PATCH] arm64: Track no early_pgtable_alloc() for kmemleak"
In reply to: YE Chengfeng: "nfc: pn533: suspected double free when pn533_fill_fragment_skbs() return value <= 0"
Next in thread: Dan Carpenter: "Re: nfc: pn533: suspected double free when pn533_fill_fragment_skbs() return value <= 0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 05/11/2021 10:22, YE Chengfeng wrote:
> Hi,
>
> We notice that skb is already freed by dev_kfree_skb in pn533_fill_fragment_skbs, but follow error handler branch #line 2288 and #line 2356, skb is freed again, seems like a double free issue. Would you like to have a look at them? We will provide patch for them after confirmation.
>
> https://github.com/torvalds/linux/blob/master/drivers/nfc/pn533/pn533.c#L2288

Hi,

Indeed it looks like double free. Please send a patch even without
confirmation - code is better than just text report.

Best regards,
Krzysztof

Next message: Ville Syrjälä: "Re: [PATCH v5 2/3] drm: Add Gamma and Degamma LUT sizes props to drm_crtc to validate."
Previous message: Catalin Marinas: "Re: [PATCH] arm64: Track no early_pgtable_alloc() for kmemleak"
In reply to: YE Chengfeng: "nfc: pn533: suspected double free when pn533_fill_fragment_skbs() return value <= 0"
Next in thread: Dan Carpenter: "Re: nfc: pn533: suspected double free when pn533_fill_fragment_skbs() return value <= 0"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]