Message ID | 1459802489-30382-1-git-send-email-han.xu@nxp.com |
---|---|
State | Accepted |
Headers | show |
Am 04.04.2016 um 22:41 schrieb Han Xu: > fix the raw_buffer pointer double free issue found by coverify. > > CID 18344 (#2 of 2): Double free (USE_AFTER_FREE) > 3. double_free: Calling gpmi_alloc_dma_buffer frees pointer > this->raw_buffer which has already been freed > > Signed-off-by: Han Xu <han.xu@nxp.com> > --- > > changes in v2: > - add coverity check log > --- > drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > index 8122c69..dcb60b0 100644 > --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > @@ -797,6 +797,7 @@ static void gpmi_free_dma_buffer(struct gpmi_nand_data *this) > > this->cmd_buffer = NULL; > this->data_buffer_dma = NULL; > + this->raw_buffer = NULL; > this->page_buffer_virt = NULL; > this->page_buffer_size = 0; Reviewed-by: Richard Weinberger <richard@nod.at> Aside of that, the driver should IMHO be fixed to not call gpmi_free_dma_buffer() multiple times on the same buffer... Thanks, //richard
On Mon, 4 Apr 2016 15:41:29 -0500 Han Xu <han.xu@nxp.com> wrote: > fix the raw_buffer pointer double free issue found by coverify. > > CID 18344 (#2 of 2): Double free (USE_AFTER_FREE) > 3. double_free: Calling gpmi_alloc_dma_buffer frees pointer > this->raw_buffer which has already been freed > > Signed-off-by: Han Xu <han.xu@nxp.com> Applied. Thanks, Boris > --- > > changes in v2: > - add coverity check log > --- > drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > index 8122c69..dcb60b0 100644 > --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > @@ -797,6 +797,7 @@ static void gpmi_free_dma_buffer(struct gpmi_nand_data *this) > > this->cmd_buffer = NULL; > this->data_buffer_dma = NULL; > + this->raw_buffer = NULL; > this->page_buffer_virt = NULL; > this->page_buffer_size = 0; > }
diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c index 8122c69..dcb60b0 100644 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -797,6 +797,7 @@ static void gpmi_free_dma_buffer(struct gpmi_nand_data *this) this->cmd_buffer = NULL; this->data_buffer_dma = NULL; + this->raw_buffer = NULL; this->page_buffer_virt = NULL; this->page_buffer_size = 0; }
fix the raw_buffer pointer double free issue found by coverify. CID 18344 (#2 of 2): Double free (USE_AFTER_FREE) 3. double_free: Calling gpmi_alloc_dma_buffer frees pointer this->raw_buffer which has already been freed Signed-off-by: Han Xu <han.xu@nxp.com> --- changes in v2: - add coverity check log --- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 1 + 1 file changed, 1 insertion(+)