diff options
author | Sebin Sebastian <mailmesebin00@gmail.com> | 2022-07-30 06:46:58 +0300 |
---|---|---|
committer | Alex Deucher <alexander.deucher@amd.com> | 2022-08-10 22:41:23 +0300 |
commit | ad2feebd71ff80532dff75756d1103f056358614 (patch) | |
tree | 92a551b7b0db05bc1633a751d73ccde8a3597570 /drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | |
parent | a6250bdb6c4677ee77d699b338e077b900f94c0c (diff) | |
download | linux-ad2feebd71ff80532dff75756d1103f056358614.tar.xz |
drm/amdgpu: double free error and freeing uninitialized null pointer
Fix a double free and an uninitialized pointer read error. Both tmp and
new are pointing at same address and both are freed which leads to
double free. Adding a check to verify if new and tmp are free in the
error_free label fixes the double free issue. new is not initialized to
null which also leads to a free on an uninitialized pointer.
Reviewed-by: André Almeida <andrealmeid@igalia.com>
Suggested by: S. Amaranath <Amaranath.Somalapuram@amd.com>
Signed-off-by: Sebin Sebastian <mailmesebin00@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c')
-rw-r--r-- | drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c index e2eec985adb3..cb00c7d6f50b 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c @@ -1705,7 +1705,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, { struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private; char reg_offset[11]; - uint32_t *new, *tmp = NULL; + uint32_t *new = NULL, *tmp = NULL; int ret, i = 0, len = 0; do { @@ -1747,7 +1747,8 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, ret = size; error_free: - kfree(tmp); + if (tmp != new) + kfree(tmp); kfree(new); return ret; } |