Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

rtc: class: fix double free in rtc_register_device() error path

Commit 59cca865f21e ("drivers/rtc/class.c: fix device_register() error
handling") correctly noted that naked kfree() should not be used after
failed device_register() call, however, while it added the needed
put_device() it forgot to remove the original kfree() causing double-free.

Cc: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Dmitry Torokhov 10 years ago
parent
dfe6c04aa2
commit
6706664d92
1 changed files with 2 additions and 4 deletions
Unified View Show Diff Stats
  1. 2 4
      drivers/rtc/class.c

+ 2 - 4
drivers/rtc/class.c
View File 

@@ -234,8 +234,9 @@ struct rtc_device *rtc_device_register(const char *name, struct device *dev,
 
 
 
 	err = device_register(&rtc->dev);
 
 	err = device_register(&rtc->dev);
 
 	if (err) {
 
 	if (err) {
 
+		/* This will free both memory and the ID */
 
 		put_device(&rtc->dev);
 
 		put_device(&rtc->dev);
 
-		goto exit_kfree;
 
+		goto exit;
 
 	}
 
 	}
 
 
 
 	rtc_dev_add_device(rtc);
 
 	rtc_dev_add_device(rtc);
 
@@ -247,9 +248,6 @@ struct rtc_device *rtc_device_register(const char *name, struct device *dev,
 
 
 
 	return rtc;
 
 	return rtc;
 
 
 
-exit_kfree:
 
-	kfree(rtc);
 
-
 
 exit_ida:
 
 exit_ida:
 
 	ida_simple_remove(&rtc_ida, id);
 
 	ida_simple_remove(&rtc_ida, id);