From: Julia Lawall <julia@diku.dk>
Date: Mon, 12 May 2008 21:02:16 +0000 (-0700)
Subject: drivers/video/pnx4008: eliminate double free
X-Git-Tag: v2.6.26-rc3~94
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a6278e5e4bce72ace681ae3cf48209fb63a5420;p=pandora-kernel.git

drivers/video/pnx4008: eliminate double free

The function framebuffer_release just calls kfree, so calling kfree
subsequently on the same argument represents a double free.  The comments with
the definition of framebuffer_release in drivers/video/fbsysfs.c suggest that
a more elaborate definition of this function is planned, such that the
splitting up of framebuffer_release and kfree as done in the second instance
might someday make sense, but it does not make sense now.

This was found using the following semantic match.
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@
expression E;
@@

* kfree(E);
...
* framebuffer_release(E);

@@
expression E;
@@

* framebuffer_release(E);
...
* kfree(E);
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Cc: Vitaly Wool <vitalywool@gmail.com>
Cc: Krzysztof Helt <krzysztof.h1@wp.pl>
Cc: Grigory Tolstolytkin <gtolstolytkin@ru.mvista.com>
Cc: Antonino Daplas <adaplas@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---

Reading git-diff-tree failed