[PATCH 4.4 08/52] staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()

From: Greg Kroah-Hartman
Date: Mon Dec 06 2021 - 09:59:11 EST


From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

commit b535917c51acc97fb0761b1edec85f1f3d02bda4 upstream.

The free_rtllib() function frees the "dev" pointer so there is use
after free on the next line. Re-arrange things to avoid that.

Fixes: 66898177e7e5 ("staging: rtl8192e: Fix unload/reload problem")
Cc: stable <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20211117072016.GA5237@kili
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/staging/rtl8192e/rtl8192e/rtl_core.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
+++ b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
@@ -2712,13 +2712,14 @@ static void _rtl92e_pci_disconnect(struc
free_irq(dev->irq, dev);
priv->irq = 0;
}
- free_rtllib(dev);

if (dev->mem_start != 0) {
iounmap((void __iomem *)dev->mem_start);
release_mem_region(pci_resource_start(pdev, 1),
pci_resource_len(pdev, 1));
}
+
+ free_rtllib(dev);
} else {
priv = rtllib_priv(dev);
}