From: Julia Lawall <julia@diku.dk>
Date: Fri, 30 Jul 2010 15:17:28 +0000 (+0200)
Subject: SA1111: Eliminate use after free
X-Git-Tag: v2.6.35~2^2~2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2d2420bbf4bb125ea5f2e1573d4da6b668fc78a;p=pandora-kernel.git

SA1111: Eliminate use after free

__sa1111_remove always frees its argument, so the subsequent reference to
sachip->saved_state represents a use after free.  __sa1111_remove does not
appear to use the saved_state field, so the patch simply frees it first.

A simplified version of the semantic patch that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// <smpl>
@@
expression E,E2;
@@

__sa1111_remove(E)
...
(
  E = E2
|
* E
)
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
---

Reading git-diff-tree failed