2017-03-08 05:23:29

by Dan Carpenter

Subject: [PATCH] NFC: nfcmrvl: double free on error path

The nci_spi_send() function calls kfree_skb(skb) on both error and
success so this extra kfree_skb() is a double free.

Fixes: caf6e49bf6d0 ("NFC: nfcmrvl: add spi driver")
Signed-off-by: Dan Carpenter <[email protected]>
---
Static analysis. Not tested.

diff --git a/drivers/nfc/nfcmrvl/spi.c b/drivers/nfc/nfcmrvl/spi.c
index a7faa0bcc01e..fc8e78a29d77 100644
--- a/drivers/nfc/nfcmrvl/spi.c
+++ b/drivers/nfc/nfcmrvl/spi.c
@@ -96,10 +96,9 @@ static int nfcmrvl_spi_nci_send(struct nfcmrvl_private *priv,
/* Send the SPI packet */
err = nci_spi_send(drv_data->nci_spi, &drv_data->handshake_completion,
skb);
- if (err != 0) {
+ if (err)
nfc_err(priv->dev, "spi_send failed %d", err);
- kfree_skb(skb);
- }
+
return err;
}
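Review bot: at the nci_spi_send() call, nothing in the code records that the callee consumes skb on both success and failure, which is how the extra kfree_skb() ended up in this error branch in the first place; a short comment above the call (for example "nci_spi_send() frees skb on all paths") would keep a later cleanup from reintroducing it. The fix depends on that callee behaviour, which is stated in the commit message but is not visible in this hunk, and the patch is marked "Static analysis. Not tested.", so it is worth confirming in nci_spi_send() that every return path really frees skb; if any early return does not, removing this kfree_skb() would trade the double free for a leak. Minor: the format string in nfc_err(priv->dev, "spi_send failed %d", err) has no trailing newline, and the switch from "err != 0" to "if (err)" is a style change unrelated to the fix.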



2017-04-19 13:29:52

by Dan Carpenter

Subject: Re: [PATCH] NFC: nfcmrvl: double free on error path

On Wed, Apr 19, 2017 at 02:52:29PM +0200, Samuel Ortiz wrote:
> On Wed, Apr 19, 2017 at 02:47:34PM +0300, Dan Carpenter wrote:
> > On Sun, Apr 02, 2017 at 12:11:17AM +0200, Samuel Ortiz wrote:
> > > Hi Dan,
> > >
> > > On Wed, Mar 08, 2017 at 08:22:37AM +0300, Dan Carpenter wrote:
> > > > The nci_spi_send() function calls kfree_skb(skb) on both error and
> > > > success so this extra kfree_skb() is a double free.
> > > >
> > > > Fixes: caf6e49bf6d0 ("NFC: nfcmrvl: add spi driver")
> > > > Signed-off-by: Dan Carpenter <[email protected]>
> > > > ---
> > > > Static analysis. Not tested.
> > > Applied to nfc-next, thanks.
> > >
> >
> > This is still not showing up in linux-next.
> I sent a pending pull request containing it.

Ah. Sorry for the noise. I didn't realize your tree didn't feed into
linux-next directly. Perhaps it should, though?

regards,
dan carpenter

2017-04-19 12:52:38

by Samuel Ortiz

Subject: Re: [PATCH] NFC: nfcmrvl: double free on error path

On Wed, Apr 19, 2017 at 02:47:34PM +0300, Dan Carpenter wrote:
> On Sun, Apr 02, 2017 at 12:11:17AM +0200, Samuel Ortiz wrote:
> > Hi Dan,
> >
> > On Wed, Mar 08, 2017 at 08:22:37AM +0300, Dan Carpenter wrote:
> > > The nci_spi_send() function calls kfree_skb(skb) on both error and
> > > success so this extra kfree_skb() is a double free.
> > >
> > > Fixes: caf6e49bf6d0 ("NFC: nfcmrvl: add spi driver")
> > > Signed-off-by: Dan Carpenter <[email protected]>
> > > ---
> > > Static analysis. Not tested.
> > Applied to nfc-next, thanks.
> >
>
> This is still not showing up in linux-next.
I sent a pending pull request containing it.

Cheers,
Samuel

2017-04-01 22:11:27

by Samuel Ortiz

Subject: Re: [PATCH] NFC: nfcmrvl: double free on error path

Hi Dan,

On Wed, Mar 08, 2017 at 08:22:37AM +0300, Dan Carpenter wrote:
> The nci_spi_send() function calls kfree_skb(skb) on both error and
> success so this extra kfree_skb() is a double free.
>
> Fixes: caf6e49bf6d0 ("NFC: nfcmrvl: add spi driver")
> Signed-off-by: Dan Carpenter <[email protected]>
> ---
> Static analysis. Not tested.
Applied to nfc-next, thanks.

Cheers,
Samuel.

2017-04-19 11:47:48

by Dan Carpenter

Subject: Re: [PATCH] NFC: nfcmrvl: double free on error path

On Sun, Apr 02, 2017 at 12:11:17AM +0200, Samuel Ortiz wrote:
> Hi Dan,
>
> On Wed, Mar 08, 2017 at 08:22:37AM +0300, Dan Carpenter wrote:
> > The nci_spi_send() function calls kfree_skb(skb) on both error and
> > success so this extra kfree_skb() is a double free.
> >
> > Fixes: caf6e49bf6d0 ("NFC: nfcmrvl: add spi driver")
> > Signed-off-by: Dan Carpenter <[email protected]>
> > ---
> > Static analysis. Not tested.
> Applied to nfc-next, thanks.
>

This is still not showing up in linux-next.

regards,
dan carpenter