[patch] drm/exynos: potential use after free in exynos_drm_open()
Dan Carpenter
dan.carpenter at oracle.com
Tue Jan 21 05:35:56 PST 2014
On Tue, Jan 21, 2014 at 01:43:55PM +0100, walter harms wrote:
>
> i have just noticed: The function already exits
>
> 194 static void exynos_drm_postclose(struct drm_device *dev, struct drm_file *file)
> 195 {
> 196 if (!file->driver_priv)
> 197 return;
> 198
> 199 kfree(file->driver_priv);
> 200 file->driver_priv = NULL;
> 201 }
The function is different in the current code. I glanced through
drm_open_helper() and I don't see that file->driver_priv to NULL is
needed anyway...
regards,
dan carpenter
More information about the dri-devel
mailing list