On Fri, 2011-07-29 at 09:08 +0300, Dan Carpenter wrote: > On Thu, Jul 28, 2011 at 11:49:51PM +0200, Jesper Juhl wrote: > > If calling put_ir_rx(rx, true); in > > drivers/staging/lirc/lirc_zilog.c::ir_probe() returns true (1) then it > > means that it has freed it's first argument. Subsequently jumping to > > 'out_put_xx' will cause us to call put_ir_rx() once more since 'rx' is > > not zero - leading to a double free. > > It would be better to just remove the first call to put_ir_rx(). Jesper, (Emails from you don't seem to make it to me, so I looked at your patch in lkml.org archive.) Good catch! Although either fix will work, I do prefer Dan's suggested fix. Could you please implement that? Since emails from you don't seem to make it to me, and since Dan's suggestion is trivial to implement, I'll just ack that form of the fix right now: Acked-by: Andy Walls <awalls@xxxxxxxxxxxxxxxx> Regards, Andy _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
