[net-next] net:enetc: bug fix for qos sfi operate space after freed
From: Po Liu
Date: Thu May 07 2020 - 07:20:06 EST
'Dan Carpenter' reported:
This code frees "sfi" and then dereferences it on the next line:
> kfree(sfi);
> clear_bit(sfi->index, epsfp.psfp_sfi_bitmap);
This "sfi->index" should be "index".
Reported-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Po Liu <Po.Liu@xxxxxxx>
---
drivers/net/ethernet/freescale/enetc/enetc_qos.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc_qos.c b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
index 48e589e9d0f7..77f110e24505 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_qos.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_qos.c
@@ -903,7 +903,7 @@ static void stream_filter_unref(struct enetc_ndev_priv *priv, u32 index)
enetc_streamfilter_hw_set(priv, sfi, false);
hlist_del(&sfi->node);
kfree(sfi);
- clear_bit(sfi->index, epsfp.psfp_sfi_bitmap);
+ clear_bit(index, epsfp.psfp_sfi_bitmap);
}
}
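Review bot: On the changed line, clear_bit(index, epsfp.psfp_sfi_bitmap) now depends on the function's index argument being the same value as the sfi->index it replaces, and the lookup that produces sfi is outside this hunk, so it is worth confirming that sfi is found by that index. If there is any doubt, an alternative that keeps the original expression is to move clear_bit(sfi->index, epsfp.psfp_sfi_bitmap) above kfree(sfi), so that the last use of the object precedes the free. The commit message also carries Reported-by and Signed-off-by but no Fixes: tag naming the commit that introduced the use after free; adding one would help anyone tracking which trees carry the bug.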
--
2.17.1