Re: [PATCH] staging; lirc, zilog: put_ir_rx may free 'rx' which can lead to double free

From: Andy Walls
Date: Sun Jul 31 2011 - 08:43:21 EST


On Fri, 2011-07-29 at 09:08 +0300, Dan Carpenter wrote:
> On Thu, Jul 28, 2011 at 11:49:51PM +0200, Jesper Juhl wrote:
> > If calling put_ir_rx(rx, true); in
> > drivers/staging/lirc/lirc_zilog.c::ir_probe() returns true (1) then it
> > means that it has freed its first argument. Subsequently jumping to
> > 'out_put_xx' will cause us to call put_ir_rx() once more since 'rx' is
> > not zero - leading to a double free.
>
> It would be better to just remove the first call to put_ir_rx().

Jesper,

(Emails from you don't seem to make it to me, so I looked at your patch
in lkml.org archive.)

Good catch!

Although either fix will work, I do prefer Dan's suggested fix. Could
you please implement that?

Since emails from you don't seem to make it to me, and since Dan's
suggestion is trivial to implement, I'll just ack that form of the fix
right now:

Acked-by: Andy Walls <awalls@xxxxxxxxxxxxxxxx>

Regards,
Andy
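
The failure path discussed in this thread, as an added example that is not part of the original emails or the driver's code. It is a user-space model: `struct obj`, `obj_put` and both `fail_path_*` functions are hypothetical stand-ins, and a counter replaces the real free so the second release can be observed safely.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model; names are not taken from lirc_zilog.c. */
struct obj {
    int refs;      /* references held */
    int releases;  /* times the release path ran; 2 models a double free */
};

/* Drop one reference; returns true when this call released the object. */
static bool obj_put(struct obj *o)
{
    if (--o->refs > 0)
        return false;
    o->releases++;             /* stands in for kfree(o) */
    return true;
}

/* Failure path as reported: put, then jump to a label that puts again. */
static int fail_path_reported(struct obj *o)
{
    struct obj *rx = o;
    obj_put(rx);               /* releases rx; pointer stays non-NULL */
    goto out_put;
out_put:
    if (rx != NULL)
        obj_put(rx);           /* second release of the same object */
    return o->releases;
}

/* Fix suggested in the thread: no early put, only the label releases. */
static int fail_path_single_put(struct obj *o)
{
    struct obj *rx = o;
    goto out_put;
out_put:
    if (rx != NULL)
        obj_put(rx);
    return o->releases;
}

int main(void)
{
    struct obj a = { .refs = 1 }, b = { .refs = 1 };
    printf("reported:   %d release(s)\n", fail_path_reported(&a));
    printf("single put: %d release(s)\n", fail_path_single_put(&b));
    return 0;
}
```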
