Re: [patch] dpt_i20: several use after free issues

From: Andrew Morton
Date: Mon Mar 15 2010 - 16:45:57 EST


On Mon, 15 Mar 2010 11:26:56 +0300
Dan Carpenter <error27@xxxxxxxxx> wrote:

> adpt_i2o_delete_hba() calls kfree() so we have to save "pHba->next"
> before calling it. Also inside adpt_i2o_delete_hba() itself, there
> was another use after free bug which I fixed by moving the kfree()
> down a line.

erk. This code should be crashing most gruesomely. I wonder why it
doesn't.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/