From 5dd3f9018a76d193f3d11910d21dfe9cdf27b6cc Mon Sep 17 00:00:00 2001 From: Pauli Nieminen Date: Wed, 4 Jan 2012 16:07:33 +0200 Subject: [PATCH] gfx: drv: Clear links when freeing head of list Linked list is freed in psb_cleanup_pending_events is called just before head of linked list is freed. All list entries needs to be initialized to be empty lists to avoid accessing freed memory if logic changes in future. Signed-off-by: Pauli Nieminen Reviewed-by: Jani Nikula Signed-off-by: Kirill A. Shutemov --- drivers/staging/mrst/drv/psb_page_flip.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/staging/mrst/drv/psb_page_flip.c b/drivers/staging/mrst/drv/psb_page_flip.c index 1b0cec0..53f0fde 100644 --- a/drivers/staging/mrst/drv/psb_page_flip.c +++ b/drivers/staging/mrst/drv/psb_page_flip.c @@ -52,14 +52,16 @@ void psb_cleanup_pending_events(struct drm_device *dev, struct psb_fpriv *priv) { struct drm_pending_vblank_event *e; - struct pending_flip *pending_flip; + struct pending_flip *pending_flip, *temp; unsigned long flags; spin_lock_irqsave(&dev->event_lock, flags); - list_for_each_entry(pending_flip, &priv->pending_flips, uncompleted) { + list_for_each_entry_safe(pending_flip, temp, &priv->pending_flips, + uncompleted) { e = pending_flip->event; pending_flip->event = NULL; e->base.destroy(&e->base); + list_del_init(&pending_flip->uncompleted); } spin_unlock_irqrestore(&dev->event_lock, flags); } -- 2.7.4