projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3d9943b)
MLK-11911-5 mxc IPUv3: pixel clk: Free gate clk memory if clk_regiser fails
authorLiu Ying <Ying.Liu@freescale.com>
Thu, 26 Nov 2015 08:30:25 +0000 (16:30 +0800)
committerNitin Garg <nitin.garg@nxp.com>
Mon, 19 Mar 2018 19:49:17 +0000 (14:49 -0500)
This patch fixes the following issue reported by Coverity:
if (IS_ERR(clk))
freed_arg: kfree frees clk. [Note: The source code implementation of the
function has been overridden by a builtin model.]
kfree(clk);

Use after free (USE_AFTER_FREE)
use_after_free: Using freed pointer clk.
return clk;

Signed-off-by: Liu Ying <Ying.Liu@freescale.com>
drivers/mxc/ipu3/ipu_pixel_clk.c patch | blob | history

diff --git a/drivers/mxc/ipu3/ipu_pixel_clk.c b/drivers/mxc/ipu3/ipu_pixel_clk.c
index 7d3e96c..66e73dd 100644 (file)
--- a/drivers/mxc/ipu3/ipu_pixel_clk.c
+++ b/drivers/mxc/ipu3/ipu_pixel_clk.c
@@ -311,7 +311,7 @@ struct clk *clk_register_gate_pix_clk(struct device *dev, const char *name,
 
        clk = clk_register(dev, &gate->hw);
        if (IS_ERR(clk))
-               kfree(clk);
+               kfree(gate);
 
        return clk;
 }