The patch titled
sx.c: avoid referencing freed memory if copy_from_user() fails
has been added to the -mm tree. Its filename is
sxc-avoid-referencing-freed-memory-if-copy_from_user-fails.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find
out what to do about this
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: sx.c: avoid referencing freed memory if copy_from_user() fails
From: Dan Carpenter <error27@xxxxxxxxx>
The "break" would just result in reusing a free'd pointer. I don't have
the cards myself to test it though. :/
Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
Cc: Ilpo Järvinen <ilpo.jarvinen@xxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
drivers/char/sx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -puN drivers/char/sx.c~sxc-avoid-referencing-freed-memory-if-copy_from_user-fails drivers/char/sx.c
--- a/drivers/char/sx.c~sxc-avoid-referencing-freed-memory-if-copy_from_user-fails
+++ a/drivers/char/sx.c
@@ -1789,7 +1789,7 @@ static long sx_fw_ioctl(struct file *fil
nbytes - i : SX_CHUNK_SIZE)) {
kfree(tmp);
rc = -EFAULT;
- break;
+ goto out;
}
memcpy_toio(board->base2 + offset + i, tmp,
(i + SX_CHUNK_SIZE > nbytes) ?
_
Patches currently in -mm which might be from error27@xxxxxxxxx are
origin.patch
sxc-fix-dbl-statement-if-add-missing-braces.patch
sxc-avoid-referencing-freed-memory-if-copy_from_user-fails.patch
linux-next.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
