Tomas Bortoli cf94da6f50 Bluetooth: Fix invalid-free in bcsp_close() ...

Syzbot reported an invalid-free that I introduced fixing a memleak.

bcsp_recv() also frees bcsp->rx_skb but never nullifies its value.
Nullify bcsp->rx_skb every time it is freed.

Signed-off-by: Tomas Bortoli <tomasbortoli@gmail.com>
Reported-by: syzbot+a0d209a4676664613e76@syzkaller.appspotmail.com
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>

2019-11-04 15:19:02 +01:00

18 KiB

Raw Blame History

View Raw