[no subject]

From: Fengguang Wu
Date: Thu Aug 09 2012 - 09:54:16 EST


Subject: possible double free in edac_mc_alloc()
User-Agent: Heirloom mailx 12.5 6/20/10

Hi,

coccinelle warns about:

+ drivers/edac/edac_mc.c:429:9-23: ERROR: reference preceded by free on line 429

and that line does look strange: the 'i' seems like a temporary value
used in previous loops, and it won't change at all in the current
loop. Which means the same mci->csrows[i] gets freed once and again.
It might also do double free for the previous kfree(csr) line.

vim +429 drivers/edac/edac_mc.c

  416     if (mci->dimms) {
  417             for (i = 0; i < tot_dimms; i++)
  418                     kfree(mci->dimms[i]);
  419             kfree(mci->dimms);
  420     }
  421     if (mci->csrows) {
  422             for (chn = 0; chn < tot_channels; chn++) {
  423                     csr = mci->csrows[chn];
  424                     if (csr) {
  425                             for (chn = 0; chn < tot_channels; chn++)
  426                                     kfree(csr->channels[chn]);
  427                             kfree(csr);
  428                     }
> 429                     kfree(mci->csrows[i]);
  430             }
  431             kfree(mci->csrows);
  432     }

---
0-DAY kernel build testing backend Open Source Technology Centre
Fengguang Wu <wfg@xxxxxxxxxxxxxxx> Intel Corporation
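
The cleanup pattern flagged above, reduced to a user-space model as an added example that is not part of the original message or the kernel source. The names `tracked_free`, `cleanup_as_quoted`, `cleanup_separate_indices` and the 2x2 `sample_rows` data are assumptions; the second function is an assumed correction, not the fix applied upstream.

```c
/* Constructed model: tracked_free() records pointers, it never releases them. */
#define NROWS 2
#define NCHAN 2
struct row { int *channels[NCHAN]; };
static int cells[NROWS][NCHAN];
static struct row row0 = { { &cells[0][0], &cells[0][1] } };
static struct row row1 = { { &cells[1][0], &cells[1][1] } };
static struct row *sample_rows[NROWS] = { &row0, &row1 };  /* constructed */
static const void *seen[16];
static int nseen, double_frees;

static void tracked_free(const void *p)
{
    if (!p)
        return;                              /* like kfree(NULL): no-op */
    for (int k = 0; k < nseen; k++)
        if (seen[k] == p) { double_frees++; return; }
    seen[nseen++] = p;
}

/* Same shape as the quoted lines: inner loop reuses 'chn', last free uses 'i'. */
static int cleanup_as_quoted(struct row **csrows, int i)
{
    int chn;
    nseen = double_frees = 0;
    for (chn = 0; chn < NCHAN; chn++) {
        struct row *csr = csrows[chn];
        if (csr) {
            for (chn = 0; chn < NCHAN; chn++)   /* clobbers the outer index */
                tracked_free(csr->channels[chn]);
            tracked_free(csr);
        }
        tracked_free(csrows[i]);                /* 'i' never changes here */
    }
    return double_frees;
}

/* Assumed correction: one index per loop, each pointer released once. */
static int cleanup_separate_indices(struct row **csrows)
{
    nseen = double_frees = 0;
    for (int r = 0; r < NROWS; r++) {
        struct row *csr = csrows[r];
        if (!csr)
            continue;
        for (int c = 0; c < NCHAN; c++)
            tracked_free(csr->channels[c]);
        tracked_free(csr);
    }
    return double_frees;
}
```

In this model, `cleanup_as_quoted(sample_rows, 0)` records one repeated free of row 0 and never reaches row 1, because the inner loop leaves `chn` past the outer loop's bound.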