In "vt_do_kdgkb_ioctl", kbs is kmalloced, if cmd is one of
KDGKBSENT or KDGSKBSENT.
If cmd is none of the above, no kbs is kmalloced, and thus,
kbs must only be kfreed if it is really kmalloced.
Signed-off-by: Ajay Garg <ajaygargnsit@xxxxxxxxx>
---
drivers/tty/vt/keyboard.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
index dfef7de8a057..95839987c79c 100644
--- a/drivers/tty/vt/keyboard.c
+++ b/drivers/tty/vt/keyboard.c
@@ -2049,7 +2049,7 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
{
unsigned char kb_func;
unsigned long flags;
- char *kbs;
+ char *kbs = NULL;
int ret;
if (get_user(kb_func, &user_kdgkb->kb_func))
@@ -2092,7 +2092,8 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
break;
}
- kfree(kbs);
+ if(kbs)
+ kfree(kbs);
return ret;
}
--
2.30.2
