[PATCH v1 2/3] f_rockusb: Avoid use-after-free in the global pointer variable
Andy Shevchenko
andriy.shevchenko at linux.intel.com
Thu Dec 3 16:32:04 CET 2020
In case of usb_add_function() failure the error path has two issues:
- the potentially allocated structure isn't getting freed
- the global pointer variable is assigned to garbage
Fix the above mentioned issues by freeing memory and assigning NULL.
Signed-off-by: Andy Shevchenko <andriy.shevchenko at linux.intel.com>
---
drivers/usb/gadget/f_rockusb.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/f_rockusb.c b/drivers/usb/gadget/f_rockusb.c
index 9dd10f9e9aa1..bd846ce9a77b 100644
--- a/drivers/usb/gadget/f_rockusb.c
+++ b/drivers/usb/gadget/f_rockusb.c
@@ -309,8 +309,9 @@ static int rockusb_add(struct usb_configuration *c)
status = usb_add_function(c, &f_rkusb->usb_function);
if (status) {
+ free(f_rkusb->buf_head);
free(f_rkusb);
- rockusb_func = f_rkusb;
+ rockusb_func = NULL;
}
return status;
}
--
2.29.2
More information about the U-Boot
mailing list