Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

staging: gpib: Move free after the variable use has been completed

The variable `in_data` is freed, but used later in the code.
Fix it by moving the freeing of the memory after its use has been
completed.

This issue was reported by Coverity Scan.
Report:
CID 1600783: (#1 of 1): Use after free (USE_AFTER_FREE)
19. pass_freed_arg: Passing freed pointer in_data as an argument to
ni_usb_dump_raw_block.

Fixes: 4e127de14fa7 ("staging: gpib: Add National Instruments USB GPIB driver")
Signed-off-by: Everest K.C. <everestkc@everestkc.com.np>
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Link: https://lore.kernel.org/r/20241015215157.18571-1-everestkc@everestkc.com.np
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

authored by Everest K.C. and committed by Greg Kroah-Hartman
b0a7dfeb afa0ab04

+1 -1
drivers/staging/gpib/ni_usb/ni_usb_gpib.c
··· 690 690 kfree(in_data); 691 691 return parse_retval; 692 692 } 693 - kfree(in_data); 694 693 if (actual_length != length - status.count) { 695 694 pr_err("%s: actual_length=%i expected=%li\n", 696 695 __func__, actual_length, (long)(length - status.count)); 697 696 ni_usb_dump_raw_block(in_data, usb_bytes_read); 698 697 } 698 + kfree(in_data); 699 699 switch (status.error_code) { 700 700 case NIUSB_NO_ERROR: 701 701 retval = 0;
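
Review bot: With the free moved, `kfree(in_data);` now sits directly before `switch (status.error_code)`, and only the `NIUSB_NO_ERROR` case is visible in this hunk, so please confirm that no later case and nothing after the switch still reads `in_data`; otherwise the same use-after-free is only pushed further down. The function also frees `in_data` at two separate sites (the early `return parse_retval;` path and this one), which is how the ordering went wrong originally; a single cleanup label reached by `goto`, with one `kfree(in_data);` at the exit, would keep a future edit from placing a use after the free again. The change itself is correct for the reported path: `ni_usb_dump_raw_block(in_data, usb_bytes_read);` now runs before the buffer is released.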