From patchwork Wed Mar 17 12:40:38 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Darren Jenkins X-Patchwork-Id: 47942 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 0E2DBB7D2E for ; Wed, 17 Mar 2010 23:41:20 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754820Ab0CQMkv (ORCPT ); Wed, 17 Mar 2010 08:40:51 -0400 Received: from mail-gy0-f174.google.com ([209.85.160.174]:35867 "EHLO mail-gy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754742Ab0CQMkt (ORCPT ); Wed, 17 Mar 2010 08:40:49 -0400 Received: by gyg8 with SMTP id 8so456125gyg.19 for ; Wed, 17 Mar 2010 05:40:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:from:to:cc :content-type:date:message-id:mime-version:x-mailer :content-transfer-encoding; bh=hUbS8VqnRuoAqyl9ZUBrKZmFeUIDVZoRtP/8W14oSWA=; b=anijsJ8SAxeSF+hGo9DJUrtxZGceclHhQsUyMHuwEZ0qm6iROruiIv6bJD/hM8KH6B FKCz0lDNmZIBjtREMYaZiQ27ZIOKcA99emNvd+epVPcvGfEcGj90ReMGx69jA1MM0aqS PzCPI5+LWZtues7slQ0ho/fywtvDpeHS9xMZA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:cc:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; b=VO92dGXQ2TsuT0I8yrHsnxNzXjKTOufzcWKbd86yWNi+WIPnOM09kBXWMt5YOunWPH 9B559uO0jPdhR/fq5wpdMnY4c5GMz2MbFuIbcl5Fk9wc4dWOwxA6BFPsltblVyA+pxdj ZCojp98QCbAzrrMHrPIMEkKipwkE65qgf8avE= Received: by 10.91.203.14 with SMTP id f14mr685082agq.31.1268829648952; Wed, 17 Mar 2010 05:40:48 -0700 (PDT) Received: from [192.168.2.3] (C-61-68-139-30.bur.connect.net.au [61.68.139.30]) by mx.google.com with ESMTPS id 15sm4471925gxk.6.2010.03.17.05.40.43 (version=SSLv3 cipher=RC4-MD5); Wed, 17 Mar 2010 05:40:47 -0700 (PDT) Subject: Re: [PATCH] drivers/net/wimax/i2400m/fw.c fix possible double free From: Darren Jenkins To: David Miller Cc: inaky.perez-gonzalez@intel.com, linux-wimax@intel.com, kernel-janitors@vger.kernel.org, cindy.h.kao@intel.com, dirk.j.brandewie@intel.com, wimax@linuxwimax.org, netdev@vger.kernel.org, Linux Kernel Mailing List Date: Wed, 17 Mar 2010 23:40:38 +1100 Message-ID: <1268829638.10618.28.camel@ICE-BOX> Mime-Version: 1.0 X-Mailer: Evolution 2.28.1 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Wed, Mar 17, 2010 at 8:14 AM, David Miller wrote: > Therefore the krealloc() failure handling in this driver should NULL > out i2400m->fw_hdrs and that will fix the double kfree problem as well > as trap any stray references. Yes that is a much better Idea. Thanks for the advice. It also fixes the i2400m_barker_db problem that I didn't notice before. Fix double free on krealloc() failure by zeroing pointer coverity CID: 13455 Signed-off-by: Darren Jenkins --- drivers/net/wimax/i2400m/fw.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/wimax/i2400m/fw.c b/drivers/net/wimax/i2400m/fw.c index 25c24f0..9f3b594 100644 --- a/drivers/net/wimax/i2400m/fw.c +++ b/drivers/net/wimax/i2400m/fw.c @@ -232,8 +232,9 @@ int i2400m_zrealloc_2x(void **ptr, size_t *_count, size_t el_size, *_count = new_count; *ptr = nptr; return 0; - } else - return -ENOMEM; + } + *ptr = NULL; + return -ENOMEM; }