#720 closed bug (fixed)
free(device) before access to device->devId
| Reported by: | Owned by: | marcusoverhagen | |
|---|---|---|---|
| Priority: | low | Milestone: | R1 |
| Component: | System/Kernel | Version: | |
| Keywords: | Cc: | diver | |
| Blocked By: | Blocking: | ||
| Platform: | All |
Description
In lines 645 (rtl8169_open()) and 691 (rtl8169_free()) in device.c from SVN revision 13218, the rtl8169_device pointer is freed before one of its members (devId) is accessed by the code that sets the device id as free.
The code in question reads:
free(device); atomic_and(&gOpenMask, ~(1 << device->devId));
And it should be instead set to:
atomic_and(&gOpenMask, ~(1 << device->devId)); free(device);
Change History (4)
comment:1 by , 18 years ago
| Cc: | added |
|---|
comment:2 by , 18 years ago
| Resolution: | → fixed |
|---|
comment:3 by , 18 years ago
| Status: | new → closed |
|---|
comment:4 by , 18 years ago
Note:
See TracTickets
for help on using tickets.
Fixed by zooey in hrev18393, I hope no one minds if I close this bug.