From c8145c56103099565be2e18aeac2a32f79361f3f Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Mon, 22 Jul 2013 09:57:49 +0300 Subject: [PATCH] staging: frontier: use after free in disconnect() usb_alphatrack_delete() frees "dev" so we can't use it on that path. Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- drivers/staging/frontier/alphatrack.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/frontier/alphatrack.c b/drivers/staging/frontier/alphatrack.c index 5590ebf1da15..817f837b240d 100644 --- a/drivers/staging/frontier/alphatrack.c +++ b/drivers/staging/frontier/alphatrack.c @@ -827,11 +827,11 @@ static void usb_alphatrack_disconnect(struct usb_interface *intf) mutex_unlock(&dev->mtx); usb_alphatrack_delete(dev); } else { + atomic_set(&dev->writes_pending, 0); dev->intf = NULL; mutex_unlock(&dev->mtx); } - atomic_set(&dev->writes_pending, 0); mutex_unlock(&disconnect_mutex); dev_info(&intf->dev, "Alphatrack Surface #%d now disconnected\n", -- 2.20.1