LinuxLists.cc - [PATCH] drivers/ide/ide-tape.c: remove double kfree

2008-06-29 10:22:28

Subject: [PATCH] drivers/ide/ide-tape.c: remove double kfree

G'day people,

Coverity CID: 2336 USE_AFTER_FREE

drivers/ide/ide-tape.c ide_tape_kfree_buffer() double free's a pointer
(hint freed by an alias in first outer loop).
This patch simply removes the superfluous kfree().

Signed-off-by: Darren Jenkins <darrenrjenkins@gmailcom>

diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
index 1e1f263..86164be 100644
--- a/drivers/ide/ide-tape.c
+++ b/drivers/ide/ide-tape.c
@@ -600,7 +600,6 @@ static void ide_tape_kfree_buffer(idetape_tape_t *tape)
bh = bh->b_reqnext;
kfree(prev_bh);
}
- kfree(tape->merge_bh);
}

static int idetape_end_request(ide_drive_t *drive, int uptodate, int nr_sects)

2008-06-29 16:26:50

by Borislav Petkov

[permalink] [raw]

Subject: Re: [PATCH] drivers/ide/ide-tape.c: remove double kfree

Hi Bart,

in case you haven't picked that one up already...

On Sun, Jun 29, 2008 at 08:34:34AM +1000, Darren Jenkins" wrote:
> G'day people,
>
>
> Coverity CID: 2336 USE_AFTER_FREE
>
> drivers/ide/ide-tape.c ide_tape_kfree_buffer() double free's a pointer
> (hint freed by an alias in first outer loop).
> This patch simply removes the superfluous kfree().
>
>
>
> Signed-off-by: Darren Jenkins <darrenrjenkins@gmailcom>
Acked-by: Borislav Petkov <[email protected]>
>
>
> diff --git a/drivers/ide/ide-tape.c b/drivers/ide/ide-tape.c
> index 1e1f263..86164be 100644
> --- a/drivers/ide/ide-tape.c
> +++ b/drivers/ide/ide-tape.c
> @@ -600,7 +600,6 @@ static void ide_tape_kfree_buffer(idetape_tape_t *tape)
> bh = bh->b_reqnext;
> kfree(prev_bh);
> }
> - kfree(tape->merge_bh);
> }
>
> static int idetape_end_request(ide_drive_t *drive, int uptodate, int nr_sects)
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

--
Regards/Gru?,
Boris.

2008-06-30 21:07:15

by Bartlomiej Zolnierkiewicz

[permalink] [raw]

Subject: Re: [PATCH] drivers/ide/ide-tape.c: remove double kfree

On Sunday 29 June 2008, Borislav Petkov wrote:
> Hi Bart,
>
> in case you haven't picked that one up already...
>
> On Sun, Jun 29, 2008 at 08:34:34AM +1000, Darren Jenkins" wrote:
> > G'day people,
> >
> >
> > Coverity CID: 2336 USE_AFTER_FREE
> >
> > drivers/ide/ide-tape.c ide_tape_kfree_buffer() double free's a pointer
> > (hint freed by an alias in first outer loop).
> > This patch simply removes the superfluous kfree().
> >
> >
> >
> > Signed-off-by: Darren Jenkins <darrenrjenkins@gmailcom>
> Acked-by: Borislav Petkov <[email protected]>

applied