usb: gadget: gadgetfs: use after free in dev_release()

The call to put_dev() releases "dev".  Hopefully, we don't need to set
the state to STATE_DEV_DISABLED anyway so I have removed those lines.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
This commit is contained in:
Dan Carpenter 2013-08-23 11:14:49 +03:00 committed by Felipe Balbi
parent c078a37652
commit 1826e9b1bd

View File

@ -1270,10 +1270,6 @@ dev_release (struct inode *inode, struct file *fd)
dev->buf = NULL;
put_dev (dev);
/* other endpoints were all decoupled from this device */
spin_lock_irq(&dev->lock);
dev->state = STATE_DEV_DISABLED;
spin_unlock_irq(&dev->lock);
return 0;
}