
seq_file: always clear m->count when we free m->buf

Once we'd freed m->buf, m->count should become zero - we have no valid
contents reachable via m->buf.

Reported-by: Charley (Hao Chuan) Chu <charley.chu@broadcom.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Al Viro and committed by
Linus Torvalds
801a7605 27b5c3f3

+2 -1
+2 -1
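--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -136,6 +136,7 @@
 Eoverflow:
 m->op->stop(m, p);
 kfree(m->buf);
+m->count = 0;
 m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
 return !m->buf ? -ENOMEM : -EAGAIN;
 }
@@ -232,10 +233,10 @@
 goto Fill;
 m->op->stop(m, p);
 kfree(m->buf);
+m->count = 0;
 m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
 if (!m->buf)
 goto Enomem;
-m->count = 0;
 m->version = 0;
 pos = m->index;
 p = m->op->start(m, &pos);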
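Review bot: In both hunks `m->size <<= 1` is evaluated inside the kmalloc() argument, so when the allocation fails m->buf is NULL while m->size has already been doubled, and the shift itself has no upper bound. The commit restores the count/buf invariant but leaves size and buf out of step on the -ENOMEM return and the Enomem path; whether any later reader of m->size assumes a buffer of that length is not visible from here, so this needs confirming against the callers. The free/clear/reallocate sequence is also repeated verbatim in two places, and a comment such as `/* m->buf is gone: count must be 0, and size is not trustworthy until the new buffer is in place */` above each `kfree(m->buf);` would record the invariant for whoever edits either copy next. Both enclosing functions begin and end outside the hunks shown.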