lists.zerezo.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[2.6 patch] vivi_release(): fix use-after-free

Date: Thu, 28 Aug 2008 01:01:57 +0300
From: Adrian Bunk <bunk@xxxxxxxxxx>
Subject: [2.6 patch] vivi_release(): fix use-after-free

video_device_release() does kfree(), which made the following printk() 
doing a use-after-free.

printk() first and release then.

Reported-by: Adrian Bunk <bunk@xxxxxxxxxx>
Signed-off-by: Adrian Bunk <bunk@xxxxxxxxxx>

---
c2fc2b28db99432313aab1f86937f204f8bd4c9b 
diff --git a/drivers/media/video/vivi.c b/drivers/media/video/vivi.c
index 3518af0..35ffd28 100644
--- a/drivers/media/video/vivi.c
+++ b/drivers/media/video/vivi.c
@@ -1021,13 +1021,13 @@ static int vivi_release(void)
 		dev = list_entry(list, struct vivi_dev, vivi_devlist);
 
 		if (-1 != dev->vfd->minor) {
-			video_unregister_device(dev->vfd);
-			printk(KERN_INFO "%s: /dev/video%d unregistered.\n",
+			printk(KERN_INFO "%s: unregistering /dev/video%d\n",
 				VIVI_MODULE_NAME, dev->vfd->minor);
+			video_unregister_device(dev->vfd);
 		} else {
-			video_device_release(dev->vfd);
-			printk(KERN_INFO "%s: /dev/video%d released.\n",
+			printk(KERN_INFO "%s: releasing /dev/video%d\n",
 				VIVI_MODULE_NAME, dev->vfd->minor);
+			video_device_release(dev->vfd);
 		}
 
 		kfree(dev);

--
video4linux-list mailing list
Unsubscribe mailto:video4linux-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/video4linux-list

Prev by Date: Inclusion of STB0899 support in kernel
Next by Date: [2.6 patch] gspca.c:dev_open(): fix use of uninitialized variable
Previous by thread: Inclusion of STB0899 support in kernel
Next by thread: [2.6 patch] gspca.c:dev_open(): fix use of uninitialized variable
Index(es):
- Date
- Thread