mtd: maps: Eliminate use after free

Linux-MTD Mailing List linux-mtd at lists.infradead.org
Mon May 10 13:59:03 EDT 2010


Gitweb:     http://git.infradead.org/?p=mtd-2.6.git;a=commit;h=258006d1abcf3f2990d3ebd77d75af335ff24d81
Commit:     258006d1abcf3f2990d3ebd77d75af335ff24d81
Parent:     c4e773764cead9358fd4b036d1b883fff3968513
Author:     Julia Lawall <julia at diku.dk>
AuthorDate: Fri Apr 2 14:47:38 2010 +0200
Committer:  David Woodhouse <David.Woodhouse at intel.com>
CommitDate: Mon May 10 14:22:55 2010 +0100

    mtd: maps: Eliminate use after free
    
    Moved the debugging message before the call to map_destroy, which frees its
    argument.  The message is also slightly changed to reflect its new
    position.
    
    A simplified version of the semantic patch that finds this problem is as
    follows: (http://coccinelle.lip6.fr/)
    
    // <smpl>
    @@
    expression E,E2;
    @@
    
    del_mtd_device(E)
    ...
    (
      E = E2
    |
    * E
    )
    // </smpl>
    
    Signed-off-by: Julia Lawall <julia at diku.dk>
    Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy at nokia.com>
    Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
---
 drivers/mtd/maps/pcmciamtd.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/drivers/mtd/maps/pcmciamtd.c b/drivers/mtd/maps/pcmciamtd.c
index 689d6a7..81159d7 100644
--- a/drivers/mtd/maps/pcmciamtd.c
+++ b/drivers/mtd/maps/pcmciamtd.c
@@ -692,8 +692,8 @@ static void pcmciamtd_detach(struct pcmcia_device *link)
 
 	if(dev->mtd_info) {
 		del_mtd_device(dev->mtd_info);
+		info("mtd%d: Removing", dev->mtd_info->index);
 		map_destroy(dev->mtd_info);
-		info("mtd%d: Removed", dev->mtd_info->index);
 	}
 
 	pcmciamtd_release(link);
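Review bot: the relocated info() call still dereferences dev->mtd_info after del_mtd_device(dev->mtd_info), which is the shape the semantic patch in the commit message matches (a use of E following del_mtd_device(E)). Consider moving the message above del_mtd_device(), or reading dev->mtd_info->index into a local at the top of the if block, so the log line does not depend on the state of the object during teardown. Separately, dev->mtd_info keeps its old value after map_destroy(dev->mtd_info), which the commit message says frees its argument. Adding `dev->mtd_info = NULL;` right after map_destroy() would keep later code, starting with pcmciamtd_release(link), from reaching the freed structure through the stale pointer. A minor point: the format string "mtd%d: Removing" has no trailing newline; whether the info() macro appends one is not visible in this hunk and is worth checking.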


