The problem is that we change "p_args" to point to the middle of the
string so when we free it at the end of the function it's not freeing
the same pointer that we originally allocated.
Fixes: e2c94d6f5720 ("w1_therm: adding alarm sysfs entry")
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
---
>From static analysis. I guess it must not cause too much of a problem
at run time?
drivers/w1/slaves/w1_therm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/w1/slaves/w1_therm.c b/drivers/w1/slaves/w1_therm.c
index cc4b88056b33..a6c85e486671 100644
--- a/drivers/w1/slaves/w1_therm.c
+++ b/drivers/w1/slaves/w1_therm.c
@@ -1526,8 +1526,9 @@ static ssize_t alarms_store(struct device *device,
int temp, ret = -EINVAL;
char *token = NULL;
s8 tl, th, tt; /* 1 byte per value + temp ring order */
- char *p_args = kmalloc(size, GFP_KERNEL);
+ char *p_args, *orig;
+ p_args = orig = kmalloc(size, GFP_KERNEL);
/* Safe string copys as buf is const */
if (!p_args) {
dev_warn(device,
@@ -1611,7 +1612,7 @@ static ssize_t alarms_store(struct device *device,
free_m:
/* free allocated memory */
- kfree(p_args);
+ kfree(orig);
return size;
}
--
2.26.2
