[media] lirc: use-after free while reading from device and unplugging · c77d17c098 - Gogs: Go Git Service GfA electronic

[media] lirc: use-after free while reading from device and unplugging

Many lirc drivers have their own receive buffers which are freed on
unplug (e.g. ir_lirc_unregister). This means that ir->buf->wait_poll
will be freed directly after unplug so do not remove yourself from the
wait queue.

Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>

Sean Young 8 years ago

parent

afbb110172

commit

c77d17c098

1 changed files with 1 additions and 1 deletions

Split View Show Diff Stats

						
							+ 1
							
							- 1
						
drivers/media/rc/lirc_dev.c
							 
								View File
							
				@@ -715,7 +715,7 @@ ssize_t lirc_dev_fop_read(struct file *file,
			
				 			if (!ir->attached) {
			
				 				ret = -ENODEV;
			
				-				break;
			
				+				goto out_locked;
			
				 			}
			
				 		} else {
			
				 			lirc_buffer_read(ir->buf, buf);