[PATCH] platform/chrome: chromeos_laptop - Fix potential double free

Keita Suzuki posted 1 patch 4 years, 3 months ago
drivers/platform/chrome/chromeos_laptop.c | 1 +
1 file changed, 1 insertion(+)
Posted by Keita Suzuki 4 years, 3 months ago
In chromeos_laptop_prepare(), cros_laptop->i2c_peripherals is allocated
inside chromeos_prepare_i2c_peripherals(), and is also freed when
encountering an error. The caller later calls chromeos_laptop_destroy()
to perform cleanup, which tries to free the same value again. As the
value is not NULLed, this will cause a double free error.

Fix this by setting cros_laptop->i2c_peripherals to NULL in the error
handler inside chromeos_prepare_i2c_peripherals() after conducting the
free.

Signed-off-by: Keita Suzuki <keitasuzuki.park@sslab.ics.keio.ac.jp>
---
 drivers/platform/chrome/chromeos_laptop.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/platform/chrome/chromeos_laptop.c b/drivers/platform/chrome/chromeos_laptop.c
index 4e14b4d6635d..3d10257b1107 100644
--- a/drivers/platform/chrome/chromeos_laptop.c
+++ b/drivers/platform/chrome/chromeos_laptop.c
@@ -785,6 +785,7 @@ chromeos_laptop_prepare_i2c_peripherals(struct chromeos_laptop *cros_laptop,
 			fwnode_remove_software_node(info->fwnode);
 	}
 	kfree(cros_laptop->i2c_peripherals);
+	cros_laptop->i2c_peripherals = NULL;
 	return error;
 }
 
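Review bot: Clearing only the pointer after kfree(cros_laptop->i2c_peripherals) at the end of this error path stops the second free, but the hunk does not show whether any element count kept alongside the array is reset as well. If chromeos_laptop_destroy() walks the array using such a count before freeing it, it would now dereference NULL rather than freed memory, so please confirm the count is zero on this path or reset it next to the new assignment. Separately, the commit message refers to chromeos_prepare_i2c_peripherals(), while the hunk header names chromeos_laptop_prepare_i2c_peripherals(); the message should use the actual function name.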
-- 
2.25.1