[CVE-2016-7913][PATCH Trusty] [media] xc2028: avoid use after free
Kai-Heng Feng
kai.heng.feng at canonical.com
Mon Jun 19 03:16:59 UTC 2017
On Mon, Jun 19, 2017 at 10:50 AM, Po-Hsu Lin <po-hsu.lin at canonical.com> wrote:
[snip]
> @@ -1385,11 +1385,12 @@ static int xc2028_set_config(struct dvb_frontend *fe, void *priv_cfg)
> * in order to avoid troubles during device release.
> */
> kfree(priv->ctrl.fname);
> + priv->ctrl.fname = NULL;
> memcpy(&priv->ctrl, p, sizeof(priv->ctrl));
> if (p->fname) {
> priv->ctrl.fname = kstrdup(p->fname, GFP_KERNEL);
> if (priv->ctrl.fname == NULL)
> - rc = -ENOMEM;
> + return -ENOMEM;
If the function returns here, there's a locked mutex that's not being unlocked.
Commit 22a1e7783e173ab3d86018eb590107d68df46c11 should address the
issue properly.
> }
>
> /*
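Review bot: In the `kstrdup()` failure branch, `return -ENOMEM;` leaves `xc2028_set_config()` immediately, and the reply above notes that a mutex is still locked at that point; keep `rc = -ENOMEM;` and let the function reach its normal exit so the unlock runs. Separately, the added `priv->ctrl.fname = NULL;` is overwritten by the `memcpy(&priv->ctrl, p, sizeof(priv->ctrl));` on the very next line, so it does not leave the pointer cleared: after the copy, `priv->ctrl.fname` holds the caller's `p->fname` until `kstrdup()` replaces it. If the intent is that `fname` never refers to memory the driver does not own, clear it after the copy and before the `if (p->fname)` check.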
> --
> 1.7.9.5
>
>