s390/3270: fix use after free of tty3270_screen structure (03439e7d) · Commits · e / devices / android_kernel_fairphone_FP3

drivers/s390/char/tty3270.c

+2 −5

Original line number	Diff line number	Diff line
		@@ -125,9 +125,6 @@ static void tty3270_resize_work(struct work_struct *work);
		*/
		static void tty3270_set_timer(struct tty3270 *tp, int expires)
		{
		if (expires == 0)
		del_timer(&tp->timer);
		else
		mod_timer(&tp->timer, jiffies + expires);
		}

		@@ -744,7 +741,6 @@ tty3270_free_view(struct tty3270 *tp)
		{
		int pages;

		del_timer_sync(&tp->timer);
		kbd_free(tp->kbd);
		raw3270_request_free(tp->kreset);
		raw3270_request_free(tp->read);
		@@ -877,6 +873,7 @@ tty3270_free(struct raw3270_view *view)
		{
		struct tty3270 *tp = container_of(view, struct tty3270, view);

		del_timer_sync(&tp->timer);
		tty3270_free_screen(tp->screen, tp->view.rows);
		tty3270_free_view(tp);
		}