commit
210bd104c6acd31c3c6b8b075b3f12d4a9f6b60d upstream.
We have to unlock before returning -ENOMEM.
Fixes:
8dfbcc4351a0 ('[media] xc2028: avoid use after free')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
[sw0312.kim: cherry-pick from linux-3.10.y to fix CVE-2016-7913]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ide4fb750d136709ecacb9cb0b9739b893a08ec99
memcpy(&priv->ctrl, p, sizeof(priv->ctrl));
if (p->fname) {
priv->ctrl.fname = kstrdup(p->fname, GFP_KERNEL);
- if (priv->ctrl.fname == NULL)
- return -ENOMEM;
+ if (priv->ctrl.fname == NULL) {
+ rc = -ENOMEM;
+ goto unlock;
+ }
}
/*
} else
priv->state = XC2028_WAITING_FIRMWARE;
}
+unlock:
mutex_unlock(&priv->lock);
return rc;