Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[media] em28xx: use after free in em28xx_v4l2_close()

We need to move the unlock before the kfree(dev);

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Dan Carpenter 13 years ago
parent
5359805193
commit
e36c92fd63
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      drivers/media/usb/em28xx/em28xx-video.c

+ 1 - 1
drivers/media/usb/em28xx/em28xx-video.c
View File 

@@ -2264,9 +2264,9 @@ static int em28xx_v4l2_close(struct file *filp)
 
 		if (dev->state & DEV_DISCONNECTED) {
 
 			em28xx_release_resources(dev);
 
 			kfree(dev->alt_max_pkt_size);
 
+			mutex_unlock(&dev->lock);
 
 			kfree(dev);
 
 			kfree(fh);
 
-			mutex_unlock(&dev->lock);
 
 			return 0;
 
 		}