From 3267bc1b2b52a8ffd0dfda663c02c86eaab6f70d Mon Sep 17 00:00:00 2001
From: Wolfgang Denk <wd@denx.de>
Date: Thu, 28 Jul 2011 15:27:22 +0200
Subject: [PATCH] ubifs: Fix bad free() sequence in ubifs_finddir()

Free private_data member element before freeing file structure.
This was causing malloc to crash. Also remove unnecessary variable
assigments as file structure gets free'd as well.

Signed-off-by: Rod Boyce <uboot@teamboyce.co.uk>
Signed-off-by: Wolfgang Denk <wd@denx.de>
Cc: Stefan Roese <sr@denx.de>
Signed-off-by: Stefan Roese <sr@denx.de>
---
 fs/ubifs/ubifs.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/fs/ubifs/ubifs.c b/fs/ubifs/ubifs.c
index 5a5c739b53f..61f70b29604 100644
--- a/fs/ubifs/ubifs.c
+++ b/fs/ubifs/ubifs.c
@@ -360,6 +360,8 @@ out:
 		return err;
 	}
 
+	if (file->private_data)
+		kfree(file->private_data);
 	if (file)
 		free(file);
 	if (dentry)
@@ -367,10 +369,6 @@ out:
 	if (dir)
 		free(dir);
 
-	if (file->private_data)
-		kfree(file->private_data);
-	file->private_data = NULL;
-	file->f_pos = 2;
 	return 0;
 }
 
-- 
GitLab