Commit dd9b442e authored Nov 23, 2018 by Hardik Arya

diag: Mark Buffer as NULL after freeing



There is a possibility of use-after-free and
double free because of not marking buffer as
NULL after freeing. The patch marks buffer
as NULL after freeing in error case.

Change-Id: Iacf8f8a4a4e644f48c87d5445ccd594766f2e156
Signed-off-by: Hardik Arya <harya@codeaurora.org>

parent a39768f1

drivers/char/diag/diag_masks.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -1772,6 +1772,7 @@ static int __diag_mask_init(struct diag_mask_info *mask_info, int mask_len,
		mask_info->update_buf = kzalloc(update_buf_len, GFP_KERNEL);
		if (!mask_info->update_buf) {
		kfree(mask_info->ptr);
		mask_info->ptr = NULL;
		return -ENOMEM;
		}
		kmemleak_not_leak(mask_info->update_buf);