On 05/12/15 00:27, Laurent Pinchart wrote: > The GEM object free handler frees memory allocated by the driver using > the pointer to the drm_gem_object instead of the pointer to the > omap_gem_object that embeds it. This doesn't cause any issue in practice > as the drm_gem_object is the first field of omap_gem_object, but would > cause memory corruption if the structure layout changes. Fix it. > > Signed-off-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx> > --- > drivers/gpu/drm/omapdrm/omap_gem.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/omapdrm/omap_gem.c b/drivers/gpu/drm/omapdrm/omap_gem.c > index 644dff8ab516..f24bb71d9946 100644 > --- a/drivers/gpu/drm/omapdrm/omap_gem.c > +++ b/drivers/gpu/drm/omapdrm/omap_gem.c > @@ -1336,7 +1336,7 @@ void omap_gem_free_object(struct drm_gem_object *obj) > > drm_gem_object_release(obj); > > - kfree(obj); > + kfree(omap_obj); > } > > /* GEM buffer object constructor */ > There's another kfree(obj) in omap_gem_new_handle(). Tomi
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/dri-devel
