projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: afae4ef)
media: rc: clean the freed urb pointer to avoid double free
authorNil Yi <teroincn@163.com>
Sat, 14 Aug 2021 10:29:39 +0000 (12:29 +0200)
committerMauro Carvalho Chehab <mchehab+huawei@kernel.org>
Thu, 30 Sep 2021 08:07:43 +0000 (10:07 +0200)
After freed rx_urb, we should set the second interface urb to NULL,
otherwise a double free would happen when the driver is removed
from the first interface.

Signed-off-by: Nil Yi <teroincn@163.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
drivers/media/rc/imon.c patch | blob | history

diff --git a/drivers/media/rc/imon.c b/drivers/media/rc/imon.c
index 2ca4e86c7b9f1d7f464b25f9e7b0e2dc1eccf156..54da6f60079baa3e178a3ae10a165c687487c309 100644 (file)
--- a/drivers/media/rc/imon.c
+++ b/drivers/media/rc/imon.c
@@ -2358,8 +2358,10 @@ urb_submit_failed:
 touch_setup_failed:
 find_endpoint_failed:
        usb_put_dev(ictx->usbdev_intf1);
+       ictx->usbdev_intf1 = NULL;
        mutex_unlock(&ictx->lock);
        usb_free_urb(rx_urb);
+       ictx->rx_urb_intf1 = NULL;
 rx_urb_alloc_failed:
        dev_err(ictx->dev, "unable to initialize intf1, err %d\n", ret);
 
ep93xx device tree rework repo: git://git.maquefel.me/linux.git