Commit d74a68da authored by Qiushi Wu, committed by Kelsey Skunberg

usb: gadget: fix potential double-free in m66592_probe.

BugLink: https://bugs.launchpad.net/bugs/1885932

[ Upstream commit 44734a59 ]

m66592_free_request() is called under label "err_add_udc"
and "clean_up", and m66592->ep0_req is not set to NULL after
first free, leading to a double-free. Fix this issue by
setting m66592->ep0_req to NULL after the first free.

Fixes: 0f91349b ("usb: gadget: convert all users to the new udc infrastructure")
Signed-off-by: Qiushi Wu <wu000273@umn.edu>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
parent f0e713cf
......@@ -1684,7 +1684,7 @@ static int m66592_probe(struct platform_device *pdev)
err_add_udc:
m66592_free_request(&m66592->ep[0].ep, m66592->ep0_req);
m66592->ep0_req = NULL;
clean_up3:
if (m66592->pdata->on_chip) {
clk_disable(m66592->clk);
......
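Review bot: the `m66592->ep0_req = NULL;` reset under err_add_udc only closes the double free if the later clean_up path named in the commit message tests ep0_req before calling m66592_free_request(), or if that helper tolerates a NULL request. That guard is outside this hunk, so confirm it is present, or add an `if (m66592->ep0_req)` check there. A one-line comment on the reset saying that execution falls through to a second free of ep0_req would also keep the assignment from being dropped later as a dead store.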