Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5a683847 authored by Ajay Agarwal's avatar Ajay Agarwal
Browse files

usb: gadget: f_gsi: Set notify_req to NULL in unbind 



Consider a gsi instance whose notify_req is assigned using
usb_ep_alloc_request as a part of bind. Thereafter, when the
unbind happens, we kfree the notify_req->buf and invoke
usb_ep_free_request on notify_req but do not set it to NULL.
If the next bind fails for some reason, we end up running kfree
on notify_req->buf again from the error path which leads to
double free.
Fix this by setting notify_req to NULL in unbind.

Change-Id: If46cd875ccb0294d41bebfc4ddbd5c44447ca845
Signed-off-by: default avatarAjay Agarwal <ajaya@codeaurora.org>
parent 8136c468
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment