drm: Clear e after kfree in drm_mode_page_flip_ioctl

With the explicit retry loop static analyzers get confused by the
control flow and believe that e could be accessed after kfree. That's
not possible, but it's non-obvious, so let's clear it to NULL.

We already cleared e = NULL at the top of the function, so this is all
in line.

Cc: Julia Lawall <julia.lawall@lip6.fr>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Fixes: 29dc0d1de1 ("drm: Roll out acquire context for the page_flip ioctl")
Cc: Harry Wentland <harry.wentland@amd.com>
Cc: Daniel Vetter <daniel.vetter@intel.com>
Cc: Jani Nikula <jani.nikula@linux.intel.com>
Cc: Sean Paul <seanpaul@chromium.org>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170330133253.29500-1-daniel.vetter@ffwll.ch
This commit is contained in:
Daniel Vetter 2017-03-30 15:32:53 +02:00
parent f5f4c61598
commit 031e5896df

View File

@ -923,6 +923,7 @@ int drm_mode_page_flip_ioctl(struct drm_device *dev,
ret = drm_event_reserve_init(dev, file_priv, &e->base, &e->event.base);
if (ret) {
kfree(e);
e = NULL;
goto out;
}
}