From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
commit d8e4771f99c0400a1873235704b28bb803c83d17 upstream.
The "user" pointer was converted from being allocated with kzalloc() to
being allocated by devm_kzalloc(). Calling kfree(user) will lead to a
double free.
Fixes: 6d734f1bfc33 ("mtd: rawnand: atmel: Fix possible memory leak")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Miquel Raynal <miquel.raynal@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/mtd/nand/raw/atmel/pmecc.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/drivers/mtd/nand/raw/atmel/pmecc.c
+++ b/drivers/mtd/nand/raw/atmel/pmecc.c
@@ -380,10 +380,8 @@ atmel_pmecc_create_user(struct atmel_pme
user->delta = user->dmu + req->ecc.strength + 1;
gf_tables = atmel_pmecc_get_gf_tables(req);
- if (IS_ERR(gf_tables)) {
- kfree(user);
+ if (IS_ERR(gf_tables))
return ERR_CAST(gf_tables);
- }
user->gf_tables = gf_tables;
Patches currently in stable-queue which might be from dan.carpenter@xxxxxxxxxx are
queue-5.4/net-hinic-fix-cleanup-in-create_rxqs-txqs.patch
queue-5.4/mtd-rawnand-fix-double-free-in-atmel_pmecc_create_user.patch
queue-5.4/chelsio-chtls-prevent-potential-integer-overflow-on-32bit.patch
