-
Julia Lawall authored
The function framebuffer_release just calls kfree, so calling kfree subsequently on the same argument represents a double free. The comments with the definition of framebuffer_release in drivers/video/fbsysfs.c suggest that a more elaborate definition of this function is planned, such that the splitting up of framebuffer_release and kfree as done in the second instance might someday make sense, but it does not make sense now. This was found using the following semantic match. (http://www.emn.fr/x-info/coccinelle/) // <smpl> @@ expression E; @@ * kfree(E); ... * framebuffer_release(E); @@ expression E; @@ * framebuffer_release(E); ... * kfree(E); // </smpl> Signed-off-by:
Julia Lawall <julia@diku.dk> Cc: Vitaly Wool <vitalywool@gmail.com> Cc: Krzysztof Helt <krzysztof.h1@wp.pl> Cc: Grigory Tolstolytkin <gtolstolytkin@ru.mvista.com> Cc: Antonino Daplas <adaplas@gmail.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
7a6278e5
