1. Patchew
  2. linux
  3. View series

[PATCH next] wifi: mwifiex: fix double free in mwifiex_send_rgpower_table()

Dan Carpenter posted 1 patch 4 days, 8 hours ago 
drivers/net/wireless/marvell/mwifiex/sta_cmd.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
[PATCH next] wifi: mwifiex: fix double free in mwifiex_send_rgpower_table()
Posted by Dan Carpenter 4 days, 8 hours ago 
The "hostcmd" is freed using cleanup.h, so calling kfree() will lead to
a double free.  Delete the kfree().

Fixes: 7b6f16a25806 ("wifi: mwifiex: add rgpower table loading support")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
 drivers/net/wireless/marvell/mwifiex/sta_cmd.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/net/wireless/marvell/mwifiex/sta_cmd.c b/drivers/net/wireless/marvell/mwifiex/sta_cmd.c
index 6d9e2af29a69..91d5098081e8 100644
--- a/drivers/net/wireless/marvell/mwifiex/sta_cmd.c
+++ b/drivers/net/wireless/marvell/mwifiex/sta_cmd.c
@@ -1521,10 +1521,8 @@ int mwifiex_send_rgpower_table(struct mwifiex_private *priv, const u8 *data,
 		return -ENOMEM;
 
 	_data = kmemdup(data, size, GFP_KERNEL);
-	if (!_data) {
-		kfree(hostcmd);
+	if (!_data)
 		return -ENOMEM;
-	}
 
 	pos = _data;
 	ptr = hostcmd->cmd;
-- 
2.47.2
Re: [PATCH next] wifi: mwifiex: fix double free in mwifiex_send_rgpower_table()
Posted by Francesco Dolcini 4 days, 7 hours ago 
On Fri, Sep 05, 2025 at 11:02:14AM +0300, Dan Carpenter wrote:
> The "hostcmd" is freed using cleanup.h, so calling kfree() will lead to
> a double free.  Delete the kfree().
> 
> Fixes: 7b6f16a25806 ("wifi: mwifiex: add rgpower table loading support")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>

Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com>

Francesco

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.