From ab30f78c0afbb86584144925e25c7ca68ba9a91f Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Sun, 28 Mar 2010 23:39:22 +0000 Subject: [PATCH] powerpc/pmac/windfarm: Correct potential double free The conditionals were testing different values, but then all freeing the same one, which could result in a double free. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression x,e; identifier f; iterator I; statement S; @@ *kfree(x); ... when != &x when != x = e when != I(x,...) S *x // Signed-off-by: Julia Lawall Signed-off-by: Benjamin Herrenschmidt --- drivers/macintosh/windfarm_pm91.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/macintosh/windfarm_pm91.c b/drivers/macintosh/windfarm_pm91.c index bea99168ff35..344273235124 100644 --- a/drivers/macintosh/windfarm_pm91.c +++ b/drivers/macintosh/windfarm_pm91.c @@ -687,12 +687,9 @@ static int __devexit wf_smu_remove(struct platform_device *ddev) wf_put_control(cpufreq_clamp); /* Destroy control loops state structures */ - if (wf_smu_slots_fans) - kfree(wf_smu_cpu_fans); - if (wf_smu_drive_fans) - kfree(wf_smu_cpu_fans); - if (wf_smu_cpu_fans) - kfree(wf_smu_cpu_fans); + kfree(wf_smu_slots_fans); + kfree(wf_smu_drive_fans); + kfree(wf_smu_cpu_fans); return 0; } -- 2.39.5