memstick: fix a double-free bug in memstick_check

[ Upstream commit e3e9ced ] kfree(host->card) has been called in put_device so that another kfree would raise cause a double-free bug. Fixes: 0193383 ("memstick: core: fix device_register() error handling") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com> Link: https://lore.kernel.org/r/20201120074846.31322-1-miaoqinglang@huawei.com Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
xanmod · Dec 30, 2020 · 365a94f · 365a94f
1 parent c802d9e
commit 365a94f
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c
@@ -468,7 +468,6 @@ static void memstick_check(struct work_struct *work)
 			host->card = card;
 			if (device_register(&card->dev)) {
 				put_device(&card->dev);
-				kfree(host->card);
 				host->card = NULL;
 			}
 		} else