firewire: fix panic in handle_at_packet
This fixes a use-after-free bug in the handling of split transactions. The AT DMA handler of the request was occasionally executed after the AR DMA handler of the response. The AT DMA handler then accessed an already freed packet. Reported by Johannes Berg. http://bugzilla.kernel.org/show_bug.cgi?id=9617Signed-off-by: NStefan Richter <stefanr@s5r6.in-berlin.de> Tested-by: NJohannes Berg <johannes@sipsolutions.net> Signed-off-by: NJarod Wilson <jwilson@redhat.com>
Showing
想要评论请 注册 或 登录