On Mon, Dec 09, 2019 at 04:58:07PM +0800, Chuhong Yuan wrote:
> diff --git a/drivers/staging/media/allegro-dvt/allegro-core.c b/drivers/staging/media/allegro-dvt/allegro-core.c
> index 6f0cd0784786..5f1d454b41bb 100644
> --- a/drivers/staging/media/allegro-dvt/allegro-core.c
> +++ b/drivers/staging/media/allegro-dvt/allegro-core.c
> @@ -2341,6 +2341,13 @@ static int allegro_open(struct file *file)
> channel->fh.m2m_ctx = v4l2_m2m_ctx_init(dev->m2m_dev, channel,
> allegro_queue_init);
>
> + if (IS_ERR(channel->fh.m2m_ctx)) {
> + v4l2_fh_del(&channel->fh);
> + v4l2_fh_exit(&channel->fh);
> + kfree(channel);
^^^^^^^
Free
> + return PTR_ERR(channel->fh.m2m_ctx);
^^^^^^^^^^^^^^^^^^^
Dereferencing freed memory.
regards,
dan carpenter
> + }
> +
