From 5b83cfa98569663b6fa6cda85a1f2fd371a082c7 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Tue, 14 Apr 2009 19:50:33 -0300 Subject: [PATCH] V4L/DVB (11515): drivers/media/video/saa5249.c: fix use-after-free and leak I moved the kfree() down a couple lines. t->vdev is going to be in freed memory so there is no point setting it to NULL. I added a kfree(t) on a Signed-off-by: Mauro Carvalho Chehab --- drivers/media/video/saa5249.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/video/saa5249.c b/drivers/media/video/saa5249.c index 48b27fe48087..271d6e931b75 100644 --- a/drivers/media/video/saa5249.c +++ b/drivers/media/video/saa5249.c @@ -598,6 +598,7 @@ static int saa5249_probe(struct i2c_client *client, /* Now create a video4linux device */ t->vdev = video_device_alloc(); if (t->vdev == NULL) { + kfree(t); kfree(client); return -ENOMEM; } @@ -617,9 +618,8 @@ static int saa5249_probe(struct i2c_client *client, /* Register it */ err = video_register_device(t->vdev, VFL_TYPE_VTX, -1); if (err < 0) { - kfree(t); video_device_release(t->vdev); - t->vdev = NULL; + kfree(t); return err; } return 0;