double-free of inode on alloc_file() failure exit in create_write_pipe()

upstream commit: ed1524371716466e9c762808b02601d0d0276a92 Duh... Fortunately, the bug is quite recent (post-2.6.25) and, embarrassingly, mine ;-/ http://bugzilla.kernel.org/show_bug.cgi?id=10878 Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
author: Al Viro <viro@zeniv.linux.org.uk> 2008-04-22 19:51:27 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2008-06-16 13:19:49 -0700
commit: 37067331d5902e42786f8456ca412512b19b8ac3 (patch)
tree: 7b97f23a82a2b6f7276ab6d49aeb0f84f55a4423
parent: c2375e697044e4a631e227d563ac210342f17f9c (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/pipe.c b/fs/pipe.c
index 8be381bbcb54..f73492b6817e 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -988,7 +988,10 @@ struct file *create_write_pipe(void)
 	return f;
 
  err_dentry:
+	free_pipe_info(inode);
 	dput(dentry);
+	return ERR_PTR(err);
+
  err_inode:
 	free_pipe_info(inode);
 	iput(inode);
author	Al Viro <viro@zeniv.linux.org.uk>	2008-04-22 19:51:27 -0400
committer	Greg Kroah-Hartman <gregkh@suse.de>	2008-06-16 13:19:49 -0700
commit	37067331d5902e42786f8456ca412512b19b8ac3 (patch)
tree	7b97f23a82a2b6f7276ab6d49aeb0f84f55a4423
parent	c2375e697044e4a631e227d563ac210342f17f9c (diff)