[PATCH 1/1] drm/exynos: Fix freeing issues in exynos_drm_drv.c

Thu, 16 Jan 2014 09:01:45 +0530 

Make 'file_priv' NULL upon freeing and add a check before dereferencing to avoid
the following errors:
drivers/gpu/drm/exynos/exynos_drm_drv.c:182 exynos_drm_open()
error: double free of 'file_priv'
drivers/gpu/drm/exynos/exynos_drm_drv.c:188 exynos_drm_open()
error: dereferencing freed memory 'file_priv'

Signed-off-by: Sachin Kamat <sachin.kamat at linaro.org>
---
 drivers/gpu/drm/exynos/exynos_drm_drv.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/exynos/exynos_drm_drv.c 
b/drivers/gpu/drm/exynos/exynos_drm_drv.c
index 9d096a0..ee84a7b6 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_drv.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_drv.c
@@ -173,6 +173,7 @@ static int exynos_drm_open(struct drm_device *dev, struct 
drm_file *file)
        ret = exynos_drm_subdrv_open(dev, file);
        if (ret) {
                kfree(file_priv);
+               file_priv = NULL;
                file->driver_priv = NULL;
        }

@@ -184,7 +185,8 @@ static int exynos_drm_open(struct drm_device *dev, struct 
drm_file *file)
        }

        anon_filp->f_mode = FMODE_READ | FMODE_WRITE;
-       file_priv->anon_filp = anon_filp;
+       if (file_priv)
+               file_priv->anon_filp = anon_filp;

        return ret;
 }
-- 
1.7.9.5

Reply via email to