On 05/12/15 00:27, Laurent Pinchart wrote: > The GEM object free handler frees memory allocated by the driver using > the pointer to the drm_gem_object instead of the pointer to the > omap_gem_object that embeds it. This doesn't cause any issue in practice > as the drm_gem_object is the first field of omap_gem_object, but would > cause memory corruption if the structure layout changes. Fix it. > > Signed-off-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com> > --- > drivers/gpu/drm/omapdrm/omap_gem.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/omapdrm/omap_gem.c > b/drivers/gpu/drm/omapdrm/omap_gem.c > index 644dff8ab516..f24bb71d9946 100644 > --- a/drivers/gpu/drm/omapdrm/omap_gem.c > +++ b/drivers/gpu/drm/omapdrm/omap_gem.c > @@ -1336,7 +1336,7 @@ void omap_gem_free_object(struct drm_gem_object *obj) > > drm_gem_object_release(obj); > > - kfree(obj); > + kfree(omap_obj); > } > > /* GEM buffer object constructor */ >
There's another kfree(obj) in omap_gem_new_handle(). Tomi -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20151214/6e69a1ee/attachment.sig>