[PATCH] drivers/media/radio/si470x/radio-si470x-usb.c fix useafter free
From: Darren Jenkins
Date: Thu Feb 11 2010 - 06:08:11 EST
In si470x_usb_driver_disconnect() radio->disconnect_lock is accessed
after it is freed. This fixes the problem.
Coverity CID: 2530
Signed-off-by: Darren Jenkins <darrenrjenkins@xxxxxxxxx>
---
drivers/media/radio/si470x/radio-si470x-usb.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/media/radio/si470x/radio-si470x-usb.c b/drivers/media/radio/si470x/radio-si470x-usb.c
index a96e1b9..1588a9d 100644
--- a/drivers/media/radio/si470x/radio-si470x-usb.c
+++ b/drivers/media/radio/si470x/radio-si470x-usb.c
@@ -842,9 +842,11 @@ static void si470x_usb_driver_disconnect(struct usb_interface *intf)
kfree(radio->int_in_buffer);
video_unregister_device(radio->videodev);
kfree(radio->buffer);
+ mutex_unlock(&radio->disconnect_lock);
kfree(radio);
+ } else {
+ mutex_unlock(&radio->disconnect_lock);
}
- mutex_unlock(&radio->disconnect_lock);
}
--
1.6.3.3
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/