
Commit ccf3f769 authored by Zhen Kong's avatar Zhen Kong Committed by Gerrit - the friendly Code Review server

qseecom: fix kclient free issue in qseecom_remove



Remove kzfree() after kclient list iteration to avoid invalid
pointer dereference.

Change-Id: I78922269e219fcb16d3cff05f8b168a75a3c05ae
Signed-off-by: default avatarZhen Kong <zkong@codeaurora.org>
parent 130b5c4c
+5 −10
@@ -8804,11 +8804,11 @@ static int qseecom_remove(struct platform_device *pdev)
		&qseecom.registered_kclient_list_head, list) {

		/* Break the loop if client handle is NULL */
		if (!kclient->handle)
			goto exit_free_kclient;

		if (list_empty(&kclient->list))
			goto exit_free_kc_handle;
		if (!kclient->handle) {
			list_del(&kclient->list);
			kzfree(kclient);
			break;
		}

		list_del(&kclient->list);
		mutex_lock(&app_access_lock);
@@ -8821,11 +8821,6 @@ static int qseecom_remove(struct platform_device *pdev)
		}
	}

exit_free_kc_handle:
	kzfree(kclient->handle);
exit_free_kclient:
	kzfree(kclient);

	spin_unlock_irqrestore(&qseecom.registered_kclient_list_lock, flags);

	if (qseecom.qseos_version > QSEEE_VERSION_00)
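Review bot: In the first hunk the new `if (!kclient->handle)` branch still ends in `break;`, so the first entry with a NULL handle stops the walk and every later entry stays on `registered_kclient_list_head`, still allocated, when the driver is removed. If the loop uses the list's safe iterator, which the `list_del()` inside the body suggests, `continue;` would free that entry and keep going, and the comment would become `/* Skip and free clients whose handle is NULL */`. Separately, `mutex_lock(&app_access_lock)` in the context lines appears to run inside the region that `spin_unlock_irqrestore()` closes after the loop, which would mean a sleeping lock taken in atomic context; the lock acquisition is outside the hunk, so this needs confirming against the full function. qseecom_remove starts before and continues after the lines shown.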