musb: potential use after free
authorDan Carpenter <error27@gmail.com>
Thu, 25 Mar 2010 11:14:27 +0000 (13:14 +0200)
committerGreg Kroah-Hartman <gregkh@suse.de>
Fri, 30 Apr 2010 16:25:08 +0000 (09:25 -0700)
We assign "urb->hcpriv = qh;" a few lines down.  I'm pretty sure we
want it "urb->hcpriv" to be NULL not a freed value.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
drivers/usb/musb/musb_host.c

index dec896e..877d20b 100644 (file)
@@ -2042,6 +2042,7 @@ static int musb_urb_enqueue(
                 * odd, rare, error prone, but legal.
                 */
                kfree(qh);
+               qh = NULL;
                ret = 0;
        } else
                ret = musb_schedule(musb, qh,