Commit d5eb8e3
drm/vkms: Fix use after free and double free on init error
[ Upstream commit ed15511 ]
If the driver initialization fails, the vkms_exit() function might
access an uninitialized or freed default_config pointer and it might
double free it.
Fix both possible errors by initializing default_config only when the
driver initialization succeeded.
Reported-by: Louis Chauvet <louis.chauvet@bootlin.com>
Closes: https://lore.kernel.org/all/Z5uDHcCmAwiTsGte@louis-chauvet-laptop/
Fixes: 2df7af9 ("drm/vkms: Add vkms_config type")
Signed-off-by: José Expósito <jose.exposito89@gmail.com>
Reviewed-by: Thomas Zimmermann <tzimmremann@suse.de>
Reviewed-by: Louis Chauvet <louis.chauvet@bootlin.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20250212084912.3196-1-jose.exposito89@gmail.com
Signed-off-by: Louis Chauvet <louis.chauvet@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>1 parent b84d743 commit d5eb8e3
1 file changed
+9
-6
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
245 | 245 | | |
246 | 246 | | |
247 | 247 | | |
248 | | - | |
249 | | - | |
250 | 248 | | |
251 | 249 | | |
252 | 250 | | |
253 | 251 | | |
254 | 252 | | |
255 | | - | |
| 253 | + | |
256 | 254 | | |
| 255 | + | |
| 256 | + | |
257 | 257 | | |
258 | | - | |
| 258 | + | |
| 259 | + | |
| 260 | + | |
259 | 261 | | |
260 | 262 | | |
261 | 263 | | |
| |||
279 | 281 | | |
280 | 282 | | |
281 | 283 | | |
282 | | - | |
283 | | - | |
| 284 | + | |
| 285 | + | |
284 | 286 | | |
| 287 | + | |
285 | 288 | | |
286 | 289 | | |
287 | 290 | | |
| |||
0 commit comments