Am 04.04.2016 um 22:41 schrieb Han Xu: > fix the raw_buffer pointer double free issue found by coverify. > > CID 18344 (#2 of 2): Double free (USE_AFTER_FREE) > 3. double_free: Calling gpmi_alloc_dma_buffer frees pointer > this->raw_buffer which has already been freed > > Signed-off-by: Han Xu <[email protected]> > --- > > changes in v2: > - add coverity check log > --- > drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > index 8122c69..dcb60b0 100644 > --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c > @@ -797,6 +797,7 @@ static void gpmi_free_dma_buffer(struct gpmi_nand_data > *this) > > this->cmd_buffer = NULL; > this->data_buffer_dma = NULL; > + this->raw_buffer = NULL; > this->page_buffer_virt = NULL; > this->page_buffer_size = 0;
Reviewed-by: Richard Weinberger <[email protected]> Aside of that, the driver should IMHO be fixed to not call gpmi_free_dma_buffer() multiple times on the same buffer... Thanks, //richard
