2009-12-14 18:24:13

by Phil Carmody

[permalink] [raw]
Subject: [PATCH 1/1] driver core: Prevent reference to freed memory on error path

priv is drv->p. So only free drv->p after we've finished using priv.

Found using a static code analysis tool

Signed-off-by: Phil Carmody <[email protected]>
---
drivers/base/bus.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/base/bus.c b/drivers/base/bus.c
index 63c143e..c0c5a43 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
@@ -703,9 +703,9 @@ int bus_add_driver(struct device_driver *drv)
return 0;

out_unregister:
+ kobject_put(&priv->kobj);
kfree(drv->p);
drv->p = NULL;
- kobject_put(&priv->kobj);
out_put_bus:
bus_put(bus);
return error;
--
1.6.0.4