On Tue, Nov 05, 2019 at 10:49:11PM +0800, Pan Bian wrote: > The variable skb is released via kfree_skb() when the return value of > _rtl92e_tx is not zero. However, after that, skb is accessed again to > read its length, which may result in a use after free bug. This patch > fixes the bug by moving the release operation to where skb is never > used later. > > Signed-off-by: Pan Bian <bianpan2...@163.com>
Reviewed-by: Dan Carpenter <dan.carpen...@oracle.com> regards, dan carpenter _______________________________________________ devel mailing list de...@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel