From: Fabian Frederick <fabf@skynet.be>
Date: Tue, 6 May 2014 19:50:11 +0000 (-0700)
Subject: fs/affs/super.c: bugfix / double free
X-Git-Tag: upstream/snapshot3+hdmi~2698
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=94d3803b8b5aff8b0a8b47116c1f1d37f75c8819;p=platform%2Fadaptation%2Frenesas_rcar%2Frenesas_kernel.git

fs/affs/super.c: bugfix / double free

commit d353efd02357a74753cd45f367a2d3d357fd6904 upstream.

Commit 842a859db26b ("affs: use ->kill_sb() to simplify ->put_super()
and failure exits of ->mount()") adds .kill_sb which frees sbi but
doesn't remove sbi free in case of parse_options error causing double
free+random crash.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/fs/affs/super.c b/fs/affs/super.c
index d098731..9a5b19d 100644
--- a/fs/affs/super.c
+++ b/fs/affs/super.c
@@ -336,8 +336,6 @@ static int affs_fill_super(struct super_block *sb, void *data, int silent)
 				&blocksize,&sbi->s_prefix,
 				sbi->s_volume, &mount_flags)) {
 		printk(KERN_ERR "AFFS: Error parsing options\n");
-		kfree(sbi->s_prefix);
-		kfree(sbi);
 		return -EINVAL;
 	}
 	/* N.B. after this point s_prefix must be released */