diff options
| author | Sebin Sebastian <[email protected]> | 2022-07-30 03:46:58 +0000 |
|---|---|---|
| committer | Alex Deucher <[email protected]> | 2022-08-10 19:41:23 +0000 |
| commit | ad2feebd71ff80532dff75756d1103f056358614 (patch) | |
| tree | 92a551b7b0db05bc1633a751d73ccde8a3597570 /drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | |
| parent | drm/amdgpu: Only disable prefer_shadow on hawaii (diff) | |
| download | kernel-ad2feebd71ff80532dff75756d1103f056358614.tar.gz kernel-ad2feebd71ff80532dff75756d1103f056358614.zip | |
drm/amdgpu: double free error and freeing uninitialized null pointer
Fix a double free and an uninitialized pointer read error. Both tmp and
new are pointing at same address and both are freed which leads to
double free. Adding a check to verify if new and tmp are free in the
error_free label fixes the double free issue. new is not initialized to
null which also leads to a free on an uninitialized pointer.
Reviewed-by: André Almeida <[email protected]>
Suggested by: S. Amaranath <[email protected]>
Signed-off-by: Sebin Sebastian <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
Diffstat (limited to 'drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c')
| -rw-r--r-- | drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c index e2eec985adb3..cb00c7d6f50b 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c @@ -1705,7 +1705,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, { struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private; char reg_offset[11]; - uint32_t *new, *tmp = NULL; + uint32_t *new = NULL, *tmp = NULL; int ret, i = 0, len = 0; do { @@ -1747,7 +1747,8 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f, ret = size; error_free: - kfree(tmp); + if (tmp != new) + kfree(tmp); kfree(new); return ret; } |