Make 'file_priv' NULL upon freeing and add a check before dereferencing to avoid the following errors: drivers/gpu/drm/exynos/exynos_drm_drv.c:182 exynos_drm_open() error: double free of 'file_priv' drivers/gpu/drm/exynos/exynos_drm_drv.c:188 exynos_drm_open() error: dereferencing freed memory 'file_priv'
Signed-off-by: Sachin Kamat sachin.kamat@linaro.org --- drivers/gpu/drm/exynos/exynos_drm_drv.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_drv.c b/drivers/gpu/drm/exynos/exynos_drm_drv.c index 9d096a0..ee84a7b6 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_drv.c +++ b/drivers/gpu/drm/exynos/exynos_drm_drv.c @@ -173,6 +173,7 @@ static int exynos_drm_open(struct drm_device *dev, struct drm_file *file) ret = exynos_drm_subdrv_open(dev, file); if (ret) { kfree(file_priv); + file_priv = NULL; file->driver_priv = NULL; }
@@ -184,7 +185,8 @@ static int exynos_drm_open(struct drm_device *dev, struct drm_file *file) }
anon_filp->f_mode = FMODE_READ | FMODE_WRITE; - file_priv->anon_filp = anon_filp; + if (file_priv) + file_priv->anon_filp = anon_filp;
return ret; }