The patch titled
UBI: dereference after kfree in create_vtbl
has been added to the -mm tree. Its filename is
ubi-dereference-after-kfree-in-create_vtbl.patch
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: UBI: dereference after kfree in create_vtbl
From: Florin Malita <fmalita@xxxxxxxxx>
Coverity (CID 1614) spotted new_seb being dereferenced after kfree() in
create_vtbl's write_error path.
Signed-off-by: Florin Malita <fmalita@xxxxxxxxx>
Cc: Artem Bityutskiy <dedekind@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
drivers/mtd/ubi/vtbl.c | 11 +++++------
1 files changed, 5 insertions(+), 6 deletions(-)
diff -puN drivers/mtd/ubi/vtbl.c~ubi-dereference-after-kfree-in-create_vtbl drivers/mtd/ubi/vtbl.c
--- a/drivers/mtd/ubi/vtbl.c~ubi-dereference-after-kfree-in-create_vtbl
+++ a/drivers/mtd/ubi/vtbl.c
@@ -317,14 +317,13 @@ retry:
return err;
write_error:
- kfree(new_seb);
- /* May be this physical eraseblock went bad, try to pick another one */
- if (++tries <= 5) {
+ /* Maybe this physical eraseblock went bad, try to pick another one */
+ if (++tries <= 5)
err = ubi_scan_add_to_list(si, new_seb->pnum, new_seb->ec,
&si->corr);
- if (!err)
- goto retry;
- }
+ kfree(new_seb);
+ if (!err)
+ goto retry;
out_free:
ubi_free_vid_hdr(ubi, vid_hdr);
return err;
_
Patches currently in -mm which might be from fmalita@xxxxxxxxx are
ubi-dereference-after-kfree-in-create_vtbl.patch
devpts-add-fsnotify-create-event.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
