mtd: gpmi: fix raw_buffer pointer double free issue

[Linux-MTD Mailing List]

Gitweb:     http://git.infradead.org/?p=mtd-2.6.git;a=commit;h=2cd395d13a104cd96ddae5c5612871dc18553cca
Commit:     2cd395d13a104cd96ddae5c5612871dc18553cca
Parent:     269ecf03a5b32b0d1de1f60a4b86b75c0521053f
Author:     Han Xu <han.xu at nxp.com>
AuthorDate: Mon Apr 4 15:41:29 2016 -0500
Committer:  Boris Brezillon <boris.brezillon at free-electrons.com>
CommitDate: Tue Apr 19 22:04:52 2016 +0200

    mtd: gpmi: fix raw_buffer pointer double free issue
    
    fix the raw_buffer pointer double free issue found by coverify.
    
    CID 18344 (#2 of 2): Double free (USE_AFTER_FREE)
    3. double_free: Calling gpmi_alloc_dma_buffer frees pointer
    this->raw_buffer which has already been freed
    
    Signed-off-by: Han Xu <han.xu at nxp.com>
    Reviewed-by: Richard Weinberger <richard at nod.at>
    Signed-off-by: Boris Brezillon <boris.brezillon at free-electrons.com>
---
 drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
index 8122c69..dcb60b0 100644
--- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
+++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
@@ -797,6 +797,7 @@ static void gpmi_free_dma_buffer(struct gpmi_nand_data *this)
 
 	this->cmd_buffer	= NULL;
 	this->data_buffer_dma	= NULL;
+	this->raw_buffer	= NULL;
 	this->page_buffer_virt	= NULL;
 	this->page_buffer_size	=  0;
 }