seq_file: always clear m->count when we free m->buf

Once we'd freed m->buf, m->count should become zero - we have no valid contents reachable via m->buf. Reported-by: Charley (Hao Chuan) Chu <charley.chu@broadcom.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

seq_file: always clear m->count when we free m->buf
Once we'd freed m->buf, m->count should become zero - we have no valid contents reachable via m->buf. Reported-by: Charley (Hao Chuan) Chu <charley.chu@broadcom.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Al Viro · Linus Torvalds
1 parent 27b5c3f3cc
Showing 1 changed file with 2 additions and 1 deletions Side-by-side Diff
fs/seq_file.c
@@ -136,6 +136,7 @@
 Eoverflow:
 	m->op->stop(m, p);
 	kfree(m->buf);
+	m->count = 0;
 	m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
 	return !m->buf ? -ENOMEM : -EAGAIN;
 }
  
@@ -232,10 +233,10 @@
 			goto Fill;
 		m->op->stop(m, p);
 		kfree(m->buf);
+		m->count = 0;
 		m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
 		if (!m->buf)
 			goto Enomem;
-		m->count = 0;
 		m->version = 0;
 		pos = m->index;
 		p = m->op->start(m, &pos);
...	...	@@ -136,6 +136,7 @@
136	136	Eoverflow:
137	137	m->op->stop(m, p);
138	138	kfree(m->buf);
	139	+ m->count = 0;
139	140	m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
140	141	return !m->buf ? -ENOMEM : -EAGAIN;
141	142	}
142	143
...	...	@@ -232,10 +233,10 @@
232	233	goto Fill;
233	234	m->op->stop(m, p);
234	235	kfree(m->buf);
	236	+ m->count = 0;
235	237	m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
236	238	if (!m->buf)
237	239	goto Enomem;
238		- m->count = 0;
239	240	m->version = 0;
240	241	pos = m->index;
241	242	p = m->op->start(m, &pos);