The following commit has been merged in the upstream branch:
commit e848c0dee50ba029083d8a83a38d1c4536d37362
Author: Samuel Thibault <[email protected]>
Date: Sat Jul 20 17:06:25 2013 +0200
pfinet: Fix call to kfree_s
kfree_s expects a pointer and a size argument. Currently the
sizeof(cache) is used as size argument, this is certainly not what was
intented.
For reference, this code was present in Linux up to version 2.3.14 and
was replaced in 2.3.15.
Found using coccinelle and
https://raw.github.com/coccinelle/coccinellery/master/sz/sz.cocci.
* pfinet/linux-src/net/ipv4/ipmr.c (ipmr_cache_delete): Fix kfree_s call.
diff --git a/pfinet/linux-src/net/ipv4/ipmr.c b/pfinet/linux-src/net/ipv4/ipmr.c
index cd51cd9..08d1a36 100644
--- a/pfinet/linux-src/net/ipv4/ipmr.c
+++ b/pfinet/linux-src/net/ipv4/ipmr.c
@@ -332,7 +332,7 @@ static void ipmr_cache_delete(struct mfc_cache *cache)
kfree_skb(skb);
}
}
- kfree_s(cache,sizeof(cache));
+ kfree_s(cache,sizeof(*cache));
}
/*
--
Debian GNU Hurd packaging
