From: Dan Carpenter <error27@gmail.com>
Date: Thu, 26 May 2011 08:49:16 +0000 (+0300)
Subject: HID: hiddev: fix use after free in hiddev_release
X-Git-Tag: v3.0-rc4~20^2~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5c699d7d3f94ee1dd934edea889b32f8279a4e65;p=profile%2Fivi%2Fkernel-adaptation-intel-automotive.git

HID: hiddev: fix use after free in hiddev_release

There are a couple use after free bugs here.

Signed-off-by: Dan Carpenter <error27@gmail.com>
[jkosina@suse.cz: removed already fixed hunk]
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
---

diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
index 4985f485..7c1188b 100644
--- a/drivers/hid/usbhid/hiddev.c
+++ b/drivers/hid/usbhid/hiddev.c
@@ -248,12 +248,15 @@ static int hiddev_release(struct inode * inode, struct file * file)
 			usbhid_close(list->hiddev->hid);
 			usbhid_put_power(list->hiddev->hid);
 		} else {
+			mutex_unlock(&list->hiddev->existancelock);
 			kfree(list->hiddev);
+			kfree(list);
+			return 0;
 		}
 	}
 
-	kfree(list);
 	mutex_unlock(&list->hiddev->existancelock);
+	kfree(list);
 
 	return 0;
 }