[PATCH] dm: spi: Fix spi_free_slave() freed memory write

Simon Glass sjg at chromium.org
Sat Dec 19 03:29:10 CET 2020


On Wed, 16 Dec 2020 at 04:12, Niel Fourie <lusus at denx.de> wrote:
>
> Remove setting slave->dev to NULL after the device_remove() call.
>
> The slave pointer points to dev->parent_priv, which has already
> been freed by device_free(), called from device_remove() in the
> preceding line. Writing to slave->dev may cause corruption of the
> dlmalloc free chunk forward pointer of the previously freed chunk.
>
> Signed-off-by: Niel Fourie <lusus at denx.de>
> Cc: Simon Glass <sjg at chromium.org>
> ---
>  drivers/spi/spi-uclass.c | 1 -
>  1 file changed, 1 deletion(-)

Reviewed-by: Simon Glass <sjg at chromium.org>


More information about the U-Boot mailing list