Commit ad2feebd authored Jul 30, 2022 by Sebin Sebastian Committed by Alex Deucher Aug 10, 2022

drm/amdgpu: double free error and freeing uninitialized null pointer

Fix a double free and an uninitialized pointer read error. Both tmp and
new are pointing at same address and both are freed which leads to
double free. Adding a check to verify if new and tmp are free in the
error_free label fixes the double free issue. new is not initialized to
null which also leads to a free on an uninitialized pointer.

Reviewed-by: André Almeida <andrealmeid@igalia.com>
Suggested by: S. Amaranath <Amaranath.Somalapuram@amd.com>
Signed-off-by: Sebin Sebastian <mailmesebin00@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

parent a6250bdb

drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -1705,7 +1705,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
		{
		struct amdgpu_device adev = (struct amdgpu_device )file_inode(f)->i_private;
		char reg_offset[11];
		uint32_t new, tmp = NULL;
		uint32_t new = NULL, tmp = NULL;
		int ret, i = 0, len = 0;

		do {
		@@ -1747,6 +1747,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
		ret = size;

		error_free:
		if (tmp != new)
		kfree(tmp);
		kfree(new);
		return ret;