raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-06 01:49:46 +00:00
Code Issues Projects Releases Wiki Activity

vcsm: increment res_stats MAP_FAIL stats before we potentially release the resource

Browse Source 
resource can be kfree'd when the reference count is zero, so we should
not bump the res_stats of the resource after the vmcs_sm_release_resource
call since the resource may have been kfree'd by this call. Instead, bump
the stats before we call vmcs_sm_release_resource to avoid a potential
NULL pointer derefernce.

Bug found using cppcheck static analysis:

[drivers/char/broadcom/vc_sm/vmcs_sm.c:1373]: (error) Dereferencing
  'resource' after it is deallocated / released

Signed-off-by: Colin Ian King <colin.king@canonical.com>
This commit is contained in:
Colin Ian King
2015-09-02 07:27:36 -04:00
committed by popcornmix
parent 875cf2e542
commit 09ecd711af
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/char/broadcom/vc_sm/vmcs_sm.c
View File

@@ -1368,8 +1368,8 @@ static int vc_sm_mmap(struct file *file, struct vm_area_struct *vma)
return 0;
error:
vmcs_sm_release_resource(resource, 0);
resource->res_stats[MAP_FAIL]++;
vmcs_sm_release_resource(resource, 0);
return ret;
}