If debugging is turned on, then wl1271_dump() dereferences a freed
variable.
Signed-off-by: Dan Carpenter <[email protected]>
diff --git a/drivers/net/wireless/wl12xx/spi.c b/drivers/net/wireless/wl12xx/spi.c
index 4671491..8f7ea2c 100644
--- a/drivers/net/wireless/wl12xx/spi.c
+++ b/drivers/net/wireless/wl12xx/spi.c
@@ -110,9 +110,9 @@ static void wl1271_spi_reset(struct wl1271 *wl)
spi_message_add_tail(&t, &m);
spi_sync(wl_to_spi(wl), &m);
- kfree(cmd);
wl1271_dump(DEBUG_SPI, "spi reset -> ", cmd, WSPI_INIT_CMD_LEN);
+ kfree(cmd);
}
static void wl1271_spi_init(struct wl1271 *wl)
On Tue, 2010-12-21 at 07:00 +0300, ext Dan Carpenter wrote:
> If debugging is turned on, then wl1271_dump() dereferences a freed
> variable.
>
> Signed-off-by: Dan Carpenter <[email protected]>
Applied, thank you!
--
Cheers,
Luca.