From: Julia Lawall <julia@diku.dk>
Date: Tue, 30 Mar 2010 05:33:28 +0000 (-0700)
Subject: drivers/serial/sunsu.c: Correct use after free
X-Git-Tag: v2.6.34-rc4~74^2~6
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4a3987fa075b2d15ebc3d59b01fb7ed403cd3e1;p=pandora-kernel.git

drivers/serial/sunsu.c: Correct use after free

The of_iounmap is at the out_unmap label, but at that point up has already
been freed.  The free cannot be moved to the out_unmap label, because that
label is reachable from cases where up should not be freed.  So the call to
of_iounmap is just duplicated, and the goto converted to a return.

A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression x,e;
identifier f;
iterator I;
statement S;
@@

*kfree(x);
... when != &x
    when != x = e
    when != I(x,...) S
*x->f
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed