From: Wei Yongjun <yongjun_wei@xxxxxxxxxxxxxxxxx> Since rc_unregister_device() frees its argument, the subsequently call to rc_free_device() on the same variable will cause a double free bug. Fix by set argument to NULL, thus when fall through to rc_free_device(), nothing will be done there. Signed-off-by: Wei Yongjun <yongjun_wei@xxxxxxxxxxxxxxxxx> --- drivers/media/rc/ene_ir.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/rc/ene_ir.c b/drivers/media/rc/ene_ir.c index ee6c984..ed184f6 100644 --- a/drivers/media/rc/ene_ir.c +++ b/drivers/media/rc/ene_ir.c @@ -1098,6 +1098,7 @@ exit_release_hw_io: release_region(dev->hw_io, ENE_IO_SIZE); exit_unregister_device: rc_unregister_device(rdev); + rdev = NULL; exit_free_dev_rdev: rc_free_device(rdev); kfree(dev); -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
