Re: [PATCH v2] nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
From: Dan Carpenter
Date: Fri Nov 05 2021 - 10:35:03 EST
On Fri, Nov 05, 2021 at 06:36:36AM -0700, Chengfeng Ye wrote:
> skb is already freed by dev_kfree_skb in pn533_fill_fragment_skbs,
> but follow error handler branch when pn533_fill_fragment_skbs()
> fails, skb is freed again, results in double free issue. Fix this
> by not free skb in error path of pn533_fill_fragment_skbs.
>
> Signed-off-by: Chengfeng Ye <cyeaa@xxxxxxxxxxxxxx>
I sort of wish the commit message talked more about the how this changes
the failure return from 0 to -ENOMEM. But the patch is good.
Reviewed-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
regards,
dan carpenter