Re: [PATCH] drivers/net/can/sja1000/plx_pci.c: eliminate double free


From: Julia Lawall <julia@xxxxxxx>
Date: Mon,  8 Aug 2011 18:28:50 +0200

> From: Julia Lawall <julia@xxxxxxx>
> 
> In this code, the failure_cleanup label calls the function
> plx_pci_del_card, which frees everything in the card->net_dev array.  dev
> is placed in this array immediately after allocation, so the two subsequent
> jumps to failure_cleanup should not also call free_sja1000dev, but the
> second one does.
> 
> If plx_pci_check_sja1000 fails, then free_sja1000dev is also called on
> dev.  Because dev is already in the card->net_dev array, this implies that
> when plx_pci_del_card is later called, it may get freed again.  So that
> entry is reset to NULL after the free.
> 
> Finally, if there is a problem with one channel, there will be a hole in the
> array.  card->channels counts the number of channels that have succeeded,
> and does not keep track of the index of the largest element in the array
> that is valid.  So the loop in plx_pci_del_card is changed to go up to
> PLX_PCI_MAX_CHAN, which is only 2.
> 
> Signed-off-by: Julia Lawall <julia@xxxxxxx>

Applied.
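The ownership rule described in the quoted commit message, modelled in user-space C as an added example; it is not the patch or the driver's code. All `model_*` names, the `fail_at` parameter and the alloc/free counters are hypothetical, and `MAX_CHAN` mirrors the value of 2 the message gives for `PLX_PCI_MAX_CHAN`.

```c
#include <stdlib.h>
#define MAX_CHAN 2 /* mirrors PLX_PCI_MAX_CHAN, which the message says is 2 */

struct model_dev { int id; };            /* stand-in for a net device */
struct model_card {
    int channels;                        /* number of channels that succeeded */
    struct model_dev *net_dev[MAX_CHAN]; /* may contain NULL holes */
};

int alloc_count, free_count;             /* balance check: must end up equal */

void model_free_dev(struct model_dev *dev) { free_count++; free(dev); }

/* Cleanup walks the whole array and skips holes; a loop bounded by
 * card->channels would miss a valid entry that sits after a hole. */
void model_del_card(struct model_card *card)
{
    for (int i = 0; i < MAX_CHAN; i++) {
        if (!card->net_dev[i])
            continue;
        model_free_dev(card->net_dev[i]);
        card->net_dev[i] = NULL;
    }
}

/* present[i] == 0 models a failed channel check; fail_at models a later
 * error on that channel that jumps to failure_cleanup (-1 for none). */
int model_probe(struct model_card *card, const int *present, int fail_at)
{
    for (int i = 0; i < MAX_CHAN; i++) {
        struct model_dev *dev = malloc(sizeof(*dev));
        if (!dev)
            goto failure_cleanup;
        alloc_count++;
        dev->id = i;
        card->net_dev[i] = dev;      /* the array owns dev from here on */
        if (i == fail_at)
            goto failure_cleanup;    /* no extra free: cleanup frees it */
        if (!present[i]) {
            model_free_dev(dev);
            card->net_dev[i] = NULL; /* hole; blocks a second free later */
            continue;
        }
        card->channels++;
    }
    return 0;
failure_cleanup:
    model_del_card(card);
    return -1;
}
```

Equal `alloc_count` and `free_count` after cleanup means every device was freed exactly once, both when the first channel leaves a hole and when a later step fails.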

