Date:   Mon, 3 Feb 2020 15:12:08 +0000
From:   Lee Jones <lee.jones@...aro.org>
To:     Greg KH <greg@...ah.com>
Cc:     stable@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] media: si470x-i2c: Move free() past last use of
 'radio'

On Mon, 03 Feb 2020, Greg KH wrote:

> On Mon, Feb 03, 2020 at 02:32:45PM +0000, Greg KH wrote:
> > On Mon, Feb 03, 2020 at 01:21:30PM +0000, Lee Jones wrote:
> > > A pointer to 'struct si470x_device' is currently used after free:
> > > 
> > >   drivers/media/radio/si470x/radio-si470x-i2c.c:462:25-30: ERROR: reference
> > >     preceded by free on line 460
> > > 
> > > Shift the call to free() down past its final use.
> > > 
> > > NB: Not sending to Mainline, since the problem does not exist there.
> > 
> > It doesn't exist there because of a bad merge?  What commit caused the
> > problem?
> 
> Ah, found it, it was 2df200ab234a ("media: si470x-i2c: add missed
> operations in remove")

I was about to follow up with a v2:

  "NB: Caused during the backporting of upstream commit 2df200ab234a
   ("media: si470x-i2c: add missed operations in remove").  This issue does
   not exist in Mainline since the kfree() was removed in v5.0 as part of
   commit f86c51b66bf6 ("media: si470x-i2c: Use managed resource helpers")."

-- 
Lee Jones [李琼斯]
Linaro Services Technical Lead
Linaro.org │ Open source software for ARM SoCs
Follow Linaro: Facebook | Twitter | Blog
