Re: [PATCH] intel_th: avoid double free in error flow

From: Alexander Shishkin
Date: Wed Nov 20 2019 - 08:38:20 EST


Wen Yang <wenyang@xxxxxxxxxxxxxxxxx> writes:

> Another example a few lines lower:
>
>         err = device_add(&thdev->dev);
>         if (err) {
>                 put_device(&thdev->dev);
>                 goto fail_free_res;
>         }
>
> device_add() has increased the reference count,
> so when it returns an error, an additional call to put_device()
> is needed here to reduce the reference count.
>
> So the code in this place is correct.

No, device_add() drops its own extra reference in case of error (as it
should), so in "if (err) ..." branch we still only have just one
reference before it goes free.

Regards,
--
Alex
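
The reference counting described in the reply above, traced in a simplified userspace model. This is an added example, not part of the original thread and not kernel code; the `model_*` names and the struct are hypothetical stand-ins for the driver-core behaviour.

```c
#include <stdio.h>

/* Simplified userspace model; every name here is hypothetical. */
struct model_device {
    int refcount;   /* stands in for the embedded kobject's reference count */
    int released;   /* number of times the release callback has run */
};

static void model_device_initialize(struct model_device *d)
{
    d->refcount = 1;    /* the caller's initial reference */
    d->released = 0;
}

static void model_put_device(struct model_device *d)
{
    if (--d->refcount == 0)
        d->released++;  /* release callback: the object is freed here */
}

/* Holds an extra reference only for the duration of the call, so after a
 * failure the caller's count is exactly what it was before the call. */
static int model_device_add(struct model_device *d, int fail)
{
    d->refcount++;
    model_put_device(d);
    return fail ? -1 : 0;
}

/* Error flow from the quoted snippet: returns the refcount seen inside the
 * "if (err)" branch and stores the number of releases in *released. */
static int model_error_flow(int *released)
{
    struct model_device d;
    int before = 0;

    model_device_initialize(&d);
    if (model_device_add(&d, 1)) {
        before = d.refcount;    /* one reference left: the caller's */
        model_put_device(&d);   /* drops it; release runs exactly once */
    }
    *released = d.released;
    return before;
}

int main(void)
{
    int released, before = model_error_flow(&released);
    printf("refcount in error branch: %d, releases: %d\n", before, released);
    return 0;
}
```

Any further free of the same object on the error path after that `put_device()` would be a second free in this model.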