[Prism54-devel] [PATCH] double-free in isl_ioctl.c

[Jens Maurer]

This is a multi-part message in MIME format.
--------------000208040402040903000706
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Hello!

The change on 2003/12/29 00:52:45 by ajfa introduced a
double-free problem that wreaked havoc with the queues.

The attached patch restores the old behaviour, i.e.
we only free the entry if the operation failed and
we're going to return -EINVAL.

This problem could have overshadowed the SMC fixes, so
anyone still having problems with SMC might want to
give the attached patch a try.

Jens Maurer

--------------000208040402040903000706
Content-Type: text/plain;
 name="mgt_get_request-double-free.patch"
Content-Transfer-Encoding: base64
Content-Disposition: inline;
 filename="mgt_get_request-double-free.patch"

SW5kZXg6IGlzbF9pb2N0bC5jCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC92YXIvbGliL2N2
cy9wcmlzbTU0LW5nL2tzcmMvaXNsX2lvY3RsLmMsdgpyZXRyaWV2aW5nIHJldmlzaW9uIDEu
MTA0CmRpZmYgLXUgLXIxLjEwNCBpc2xfaW9jdGwuYwotLS0gaXNsX2lvY3RsLmMJNSBKYW4g
MjAwNCAyMDo0MjowMCAtMDAwMAkxLjEwNAorKysgaXNsX2lvY3RsLmMJNiBKYW4gMjAwNCAy
MjowMDo0NiAtMDAwMApAQCAtMTM0LDcgKzEzNCw3IEBACiAJCWlzbHBjaV9tZ3RfcXVldWUo
cHJpdiwgUElNRk9SX09QX0dFVCwgb2lkLCAwLCBkYXRhLCBkbGVuLCAwKTsKIAkJX3J2YWx1
ZSA9IGlzbHBjaV9tZ3RfcmVzcG9uc2UocHJpdiwgb2lkLCAmX29wLCByZXMsCiAJCQkJCSAg
ICAgICZfZGxlbiwgZW50cnkpOwotCQlpZiAoIV9ydmFsdWUpCisJCWlmIChfb3AgPT0gUElN
Rk9SX09QX0VSUk9SKQogCQkJaXNscGNpX21ndF9yZWxlYXNlKHByaXYsICplbnRyeSk7CiAJ
CWlmIChfcnZhbHVlIHx8IF9vcCA9PSBQSU1GT1JfT1BfRVJST1IpCiAJCQlfcnZhbHVlID0g
LUVJTlZBTDsK
--------------000208040402040903000706--