On Fri, 29 Dec 2023 11:54:11 +0100, Christian A. Ehrhardt wrote:
> In of_parse_phandle_with_args_map() the inner loop that
> iterates through the map entries calls of_node_put(new)
> to free the reference acquired by the previous iteration
> of the inner loop. This assumes that the value of "new" is
> NULL on the first iteration of the inner loop.
>
> Make sure that this is true in all iterations of the outer
> loop by setting "new" to NULL after its value is assigned to "cur".
>
> Extend the unittest to detect the double free and add an additional
> test case that actually triggers this path.
>
> Fixes: bd6f2fd5a1 ("of: Support parsing phandle argument lists through a nexus node")
> Cc: Stephen Boyd <stephen.boyd@xxxxxxxxxx>
> Signed-off-by: Christian A. Ehrhardt <lk@xxxxxxx>
> ---
> drivers/of/base.c | 1 +
> drivers/of/unittest-data/tests-phandle.dtsi | 10 ++-
> drivers/of/unittest.c | 74 ++++++++++++---------
> 3 files changed, 53 insertions(+), 32 deletions(-)
>
Applied, thanks!
