public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
* [patch] musb: potential use after free
@ 2010-03-20 12:24 Dan Carpenter
  2010-03-24 10:26 ` Felipe Balbi
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2010-03-20 12:24 UTC (permalink / raw)
  To: Felipe Balbi
  Cc: Greg Kroah-Hartman, David Brownell, Sergei Shtylyov,
	Ajay Kumar Gupta, linux-usb, linux-kernel

We assign "urb->hcpriv = qh;" a few lines down.  I'm pretty sure we 
want it "urb->hcpriv" to be NULL not a freed value.

Signed-off-by: Dan Carpenter <error27@gmail.com>
---
Found with a static checker.  I don't have the hardware to test this.

diff --git a/drivers/usb/musb/musb_host.c b/drivers/usb/musb/musb_host.c
index dec896e..877d20b 100644
--- a/drivers/usb/musb/musb_host.c
+++ b/drivers/usb/musb/musb_host.c
@@ -2042,6 +2042,7 @@ static int musb_urb_enqueue(
 		 * odd, rare, error prone, but legal.
 		 */
 		kfree(qh);
+		qh = NULL;
 		ret = 0;
 	} else
 		ret = musb_schedule(musb, qh,

^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-03-24 10:26 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-03-20 12:24 [patch] musb: potential use after free Dan Carpenter
2010-03-24 10:26 ` Felipe Balbi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox