The GEM object free handler frees memory allocated by the driver using the pointer to the drm_gem_object instead of the pointer to the omap_gem_object that embeds it. This doesn't cause any issue in practice as the drm_gem_object is the first field of omap_gem_object, but would cause memory corruption if the structure layout changes. Fix it. Signed-off-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx> --- drivers/gpu/drm/omapdrm/omap_gem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/omapdrm/omap_gem.c b/drivers/gpu/drm/omapdrm/omap_gem.c index 644dff8ab516..f24bb71d9946 100644 --- a/drivers/gpu/drm/omapdrm/omap_gem.c +++ b/drivers/gpu/drm/omapdrm/omap_gem.c @@ -1336,7 +1336,7 @@ void omap_gem_free_object(struct drm_gem_object *obj) drm_gem_object_release(obj); - kfree(obj); + kfree(omap_obj); } /* GEM buffer object constructor */ -- 2.4.10 _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/dri-devel
