dpll: Add a check before kfree() to match the existing check before k…

…memdup() When src->freq_supported is not NULL but src->freq_supported_num is 0, dst->freq_supported is equal to src->freq_supported. In this case, if the subsequent kstrdup() fails, src->freq_supported may be freed without being set to NULL, potentially leading to a use-after-free or double-free error. Fixes: 830ead5 ("dpll: fix pin dump crash for rebound module") Cc: <stable@vger.kernel.org> # v6.8+ Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com> Signed-off-by: NipaLocal <nipa@local>
linux-netdev · Feb 26, 2025 · f278b7e · f278b7e
1 parent 9ecb67c
commit f278b7e
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/drivers/dpll/dpll_core.c b/drivers/dpll/dpll_core.c
@@ -475,7 +475,8 @@ static int dpll_pin_prop_dup(const struct dpll_pin_properties *src,
 err_panel_label:
 	kfree(dst->board_label);
 err_board_label:
-	kfree(dst->freq_supported);
+	if (src->freq_supported_num)
+		kfree(dst->freq_supported);
 	return -ENOMEM;
 }