From: Julia Lawall <julia@diku.dk>
Date: Fri, 23 Dec 2011 13:02:55 +0000 (+0100)
Subject: drivers/usb/class/cdc-acm.c: clear dangling pointer
X-Git-Tag: firefly_0821_release~7541^2~1992
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e60f83773e5a5757b765b30776bd1e7fe1188c1b;p=firefly-linux-kernel-4.4.55.git

drivers/usb/class/cdc-acm.c: clear dangling pointer

commit e7c8e8605d0bafc705ff27f9da98a1668427cc0f upstream.

On some failures, the country_code field of an acm structure is freed
without freeing the acm structure itself.  Elsewhere, operations including
memcpy and kfree are performed on the country_code field.  The patch sets
the country_code field to NULL when it is freed, and likewise sets the
country_code_size field to 0.

Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
index 8faa23cd74f1..b632d4b53549 100644
--- a/drivers/usb/class/cdc-acm.c
+++ b/drivers/usb/class/cdc-acm.c
@@ -1183,6 +1183,8 @@ made_compressed_probe:
 		i = device_create_file(&intf->dev, &dev_attr_wCountryCodes);
 		if (i < 0) {
 			kfree(acm->country_codes);
+			acm->country_codes = NULL;
+			acm->country_code_size = 0;
 			goto skip_countries;
 		}
 
@@ -1191,6 +1193,8 @@ made_compressed_probe:
 		if (i < 0) {
 			device_remove_file(&intf->dev, &dev_attr_wCountryCodes);
 			kfree(acm->country_codes);
+			acm->country_codes = NULL;
+			acm->country_code_size = 0;
 			goto skip_countries;
 		}
 	}