evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/drivers
History
Ian Abbott 0241c6f9f5 staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf 
commit af4b54a2e5ba18259ff9aac445bf546dd60d037e upstream.

`ni6501_alloc_usb_buffers()` is called from `ni6501_auto_attach()` to
allocate RX and TX buffers for USB transfers.  It allocates
`devpriv->usb_rx_buf` followed by `devpriv->usb_tx_buf`.  If the
allocation of `devpriv->usb_tx_buf` fails, it frees
`devpriv->usb_rx_buf`, leaving the pointer set dangling, and returns an
error.  Later, `ni6501_detach()` will be called from the core comedi
module code to clean up.  `ni6501_detach()` also frees both
`devpriv->usb_rx_buf` and `devpriv->usb_tx_buf`, but
`devpriv->usb_rx_buf` may have already beed freed, leading to a
double-free error.  Fix it bu removing the call to
`kfree(devpriv->usb_rx_buf)` from `ni6501_alloc_usb_buffers()`, relying
on `ni6501_detach()` to free the memory.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-27 09:34:01 +02:00
..
accessibility
acpi ACPI / SBS: Fix GPE storm on recent MacBookPro's 2019-04-27 09:33:58 +02:00
amba ARM: amba: Don't read past the end of sysfs "driver_override" buffer 2018-05-02 07:53:42 -07:00
android binder: add missing binder_unlock() 2018-02-28 10:17:23 +01:00
ata sata_rcar: fix deferred probing 2019-02-20 10:13:08 +01:00
atm atm: he: fix sign-extension overflow on large shift 2019-03-23 08:44:16 +01:00
auxdisplay
base PM / wakeup: Rework wakeup source timer cancellation 2019-03-23 08:44:39 +01:00
bcma
block block/swim3: Fix -EBUSY error when re-opening device after unmount 2019-02-20 10:13:13 +01:00
bluetooth Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV" 2018-11-27 16:08:01 +01:00
bus bus: brcmstb_gisb: correct support for 64-bit address output 2018-04-13 19:50:05 +02:00
cdrom cdrom: Fix race condition in cdrom_sysctl_register 2019-04-27 09:33:52 +02:00
char tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete 2019-04-27 09:34:00 +02:00
clk clk: ingenic: Fix round_rate misbehaving with non-integer dividers 2019-03-23 08:44:36 +01:00
clocksource clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown 2019-03-23 08:44:35 +01:00
connector
cpufreq cpufreq: pxa2xx: remove incorrect __init annotation 2019-03-23 08:44:36 +01:00
cpuidle cpuidle: big.LITTLE: fix refcount leak 2019-02-20 10:13:09 +01:00
crypto crypto: crypto4xx - properly set IV after de- and encrypt 2019-04-27 09:34:00 +02:00
dca
devfreq PM / devfreq: tegra: fix error return code in tegra_devfreq_probe() 2018-11-10 07:41:40 -08:00
dio
dma dmaengine: tegra: avoid overflow of byte tracking 2019-04-27 09:33:53 +02:00
dma-buf
edac EDAC, i7core: Fix memleaks and use-after-free on probe and remove 2018-10-10 08:52:06 +02:00
eisa
extcon extcon: usb-gpio: Don't miss event during suspend/resume 2019-04-03 06:23:18 +02:00
firewire firewire-ohci: work around oversized DMA reads on JMicron controllers 2018-05-30 07:48:52 +02:00
firmware efi: stub: define DISABLE_BRANCH_PROFILING for all architectures 2019-04-03 06:23:20 +02:00
fmc
fpga
gpio gpio: gpio-omap: fix level interrupt idling 2019-04-27 09:33:48 +02:00
gpu drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers 2019-04-27 09:33:53 +02:00
hid hid-sensor-hub.c: fix wrong do_div() usage 2019-04-03 06:23:21 +02:00
hsi HSI: ssi_protocol: double free in ssip_pn_xmit() 2018-03-24 10:58:42 +01:00
hv Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels 2019-01-13 10:05:27 +01:00
hwmon hwmon: (lm80) Fix missing unlock on error in set_fan_div() 2019-02-23 09:05:13 +01:00
hwspinlock
hwtracing coresight: etm4x: Add support to enable ETMv4.2 2019-04-27 09:33:50 +02:00
i2c i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA 2019-04-27 09:33:47 +02:00
ide ide: pmac: add of_node_put() 2018-12-21 14:09:52 +01:00
idle idle: i7300: add PCI dependency 2018-02-25 11:03:51 +01:00
iio io: accel: kxcjk1013: restore the range after resume. 2019-04-27 09:34:01 +02:00
infiniband IB/mlx4: Fix race condition between catas error reset and aliasguid flows 2019-04-27 09:33:56 +02:00
input Input: st-keyscan - fix potential zalloc NULL dereference 2019-03-23 08:44:33 +01:00
iommu iommu/dmar: Fix buffer overflow during PCI bus notification 2019-04-27 09:33:59 +02:00
ipack
irqchip irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable 2019-03-23 08:44:27 +01:00
isdn mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S 2019-04-03 06:23:25 +02:00
leds leds: lp55xx: fix null deref on firmware load failure 2019-04-27 09:33:51 +02:00
lguest
lightnvm
macintosh macintosh/via-pmu: Add missing mmio accessors 2018-09-19 22:48:57 +02:00
mailbox
mcb
md bcache: improve sysfs_strtoul_clamp() 2019-04-27 09:33:51 +02:00
media media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration 2019-04-27 09:33:53 +02:00
memory memory: tegra: Apply interrupts mask per SoC 2018-08-06 16:24:38 +02:00
memstick memstick: Prevent memstick host from getting runtime suspended during card detection 2019-02-20 10:13:09 +01:00
message scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() 2018-05-30 07:48:58 +02:00
mfd mfd: mc13xxx: Fix a missing check of a register-read failure 2019-03-23 08:44:16 +01:00
misc misc: vexpress: Off by one in vexpress_syscfg_exec() 2019-02-20 10:13:18 +01:00
mmc mmc: davinci: remove extraneous __init annotation 2019-04-27 09:33:56 +02:00
mtd mtd: rawnand: gpmi: fix MX28 bus master lockup problem 2019-02-20 10:13:17 +01:00
net bonding: fix event handling for stacked bonds 2019-04-27 09:33:59 +02:00
nfc NFC: nxp-nci: Include unaligned.h instead of access_ok.h 2019-02-20 10:13:20 +01:00
ntb ntb_transport: Fix bug with max_mw_size parameter 2018-05-30 07:48:55 +02:00
nubus
nvdimm libnvdimm: Hold reference on parent while scheduling async init 2018-11-21 09:27:34 +01:00
nvme nvme-pci: initialize queue memory before interrupts 2018-07-11 16:03:47 +02:00
nvmem
of of: add helper to lookup compatible child node 2018-12-01 09:46:35 +01:00
oprofile
parisc parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode 2018-05-30 07:49:10 +02:00
parport parport_pc: fix find_superio io compare code, should use equal test. 2019-03-23 08:44:37 +01:00
pci PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller 2019-04-27 09:33:56 +02:00
pcmcia pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges 2018-11-21 09:27:30 +01:00
perf drivers/perf: arm_pmu: handle no platform_device 2018-03-22 09:23:26 +01:00
phy phy: work around 'phys' references to usb-nop-xceiv devices 2018-01-23 19:50:16 +01:00
pinctrl pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins 2019-03-23 08:44:33 +01:00
platform platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 2019-03-23 08:44:26 +01:00
pnp
power power: supply: olpc_battery: correct the temperature units 2019-01-13 10:05:34 +01:00
powercap PowerCap: Fix an error code in powercap_register_zone() 2018-04-13 19:50:05 +02:00
pps
ps3
ptp ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl 2019-02-20 10:13:05 +01:00
pwm pwm: tiehrpwm: Fix disabling of output of PWMs 2018-09-09 20:04:35 +02:00
rapidio
ras
regulator regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting 2019-04-27 09:33:53 +02:00
remoteproc
reset
rpmsg
rtc rtc: Fix overflow when converting time64_t to rtc_time 2019-04-03 06:23:19 +02:00
s390 scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices 2019-04-03 06:23:27 +02:00
sbus drivers/sbus/char: add of_node_put() 2018-12-21 14:09:52 +01:00
scsi scsi: megaraid_sas: return error when create DMA pool failed 2019-04-27 09:33:50 +02:00
sfi
sh
sn
soc soc/tegra: fuse: Fix illegal free of IO base address 2019-04-27 09:33:52 +02:00
spi spi: bcm2835: Unbreak the build of esoteric configs 2019-01-13 10:05:31 +01:00
spmi
ssb ssb: mark ssb_bus_register as __maybe_unused 2018-02-25 11:03:44 +01:00
staging staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf 2019-04-27 09:34:01 +02:00
target scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock 2019-03-23 08:44:35 +01:00
tc TC: Set DMA masks for devices 2018-11-21 09:27:36 +01:00
thermal thermal/int340x_thermal: fix mode setting 2019-04-27 09:33:57 +02:00
thunderbolt thunderbolt: Resume control channel after hibernation image is created 2018-04-24 09:32:07 +02:00
tty serial: uartps: console_setup() can't be placed to init section 2019-04-27 09:33:58 +02:00
uio uio: Fix an Oops on load 2018-11-27 16:08:02 +01:00
usb usb: chipidea: Grab the (legacy) USB PHY by phandle first 2019-04-27 09:33:49 +02:00
uwb uwb: hwa-rc: fix memory leak at probe 2018-10-10 08:52:04 +02:00
vfio vfio/pci: Virtualize Maximum Read Request Size 2018-04-24 09:32:09 +02:00
vhost vhost: make sure used idx is seen before log in vhost_add_used_n() 2019-01-13 10:05:28 +01:00
video fbdev: fbmem: fix memory access if logo is bigger than the screen 2019-04-27 09:33:51 +02:00
virt mm: replace get_user_pages() write/force parameters with gup_flags 2018-12-17 21:55:16 +01:00
virtio virtio_balloon: fix another race between migration and ballooning 2018-08-06 16:24:42 +02:00
vlynq
vme
w1 w1: omap-hdq: fix missing bus unregister at removal 2018-11-21 09:27:35 +01:00
watchdog watchdog: f71808e_wdt: Fix magic close handling 2018-05-30 07:49:03 +02:00
xen xen: xlate_mmu: add missing header to fix 'W=1' warning 2018-12-17 21:55:11 +01:00
zorro zorro: Set up z->dev.dma_mask for the DMA API 2018-05-30 07:49:11 +02:00
Kconfig
Makefile usb: build drivers/usb/common/ when USB_SUPPORT is set 2018-02-25 11:03:38 +01:00