In si470x_usb_driver_disconnect() radio->disconnect_lock is accessed
after it is freed. This fixes the problem.
Coverity CID: 2530
Signed-off-by: Darren Jenkins <[email protected]>
---
drivers/media/radio/si470x/radio-si470x-usb.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/media/radio/si470x/radio-si470x-usb.c b/drivers/media/radio/si470x/radio-si470x-usb.c
index a96e1b9..1588a9d 100644
--- a/drivers/media/radio/si470x/radio-si470x-usb.c
+++ b/drivers/media/radio/si470x/radio-si470x-usb.c
@@ -842,9 +842,11 @@ static void si470x_usb_driver_disconnect(struct usb_interface *intf)
kfree(radio->int_in_buffer);
video_unregister_device(radio->videodev);
kfree(radio->buffer);
+ mutex_unlock(&radio->disconnect_lock);
kfree(radio);
+ } else {
+ mutex_unlock(&radio->disconnect_lock);
}
- mutex_unlock(&radio->disconnect_lock);
}
--
1.6.3.3
Hello Darren,
thanks for the patch. It was already pulled into the main repository.
Acked-by: Tobias Lorenz <[email protected]>
Bye,
Toby
Am Donnerstag 11 Februar 2010 12:07:53 schrieb Darren Jenkins:
> In si470x_usb_driver_disconnect() radio->disconnect_lock is accessed
> after it is freed. This fixes the problem.
>
> Coverity CID: 2530
>
> Signed-off-by: Darren Jenkins <[email protected]>
> ---
> drivers/media/radio/si470x/radio-si470x-usb.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/media/radio/si470x/radio-si470x-usb.c b/drivers/media/radio/si470x/radio-si470x-usb.c
> index a96e1b9..1588a9d 100644
> --- a/drivers/media/radio/si470x/radio-si470x-usb.c
> +++ b/drivers/media/radio/si470x/radio-si470x-usb.c
> @@ -842,9 +842,11 @@ static void si470x_usb_driver_disconnect(struct usb_interface *intf)
> kfree(radio->int_in_buffer);
> video_unregister_device(radio->videodev);
> kfree(radio->buffer);
> + mutex_unlock(&radio->disconnect_lock);
> kfree(radio);
> + } else {
> + mutex_unlock(&radio->disconnect_lock);
> }
> - mutex_unlock(&radio->disconnect_lock);
> }
>
>
>