The GEM object free handler frees memory allocated by the driver using
the pointer to the drm_gem_object instead of the pointer to the
omap_gem_object that embeds it. This doesn't cause any issue in practice
as the drm_gem_object is the first field of omap_gem_object, but would
cause memory corruption if the structure layout changes. Fix it.
Signed-off-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
---
drivers/gpu/drm/omapdrm/omap_gem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/omapdrm/omap_gem.c
b/drivers/gpu/drm/omapdrm/omap_gem.c
index 644dff8ab516..f24bb71d9946 100644
--- a/drivers/gpu/drm/omapdrm/omap_gem.c
+++ b/drivers/gpu/drm/omapdrm/omap_gem.c
@@ -1336,7 +1336,7 @@ void omap_gem_free_object(struct drm_gem_object *obj)
drm_gem_object_release(obj);
- kfree(obj);
+ kfree(omap_obj);
}
/* GEM buffer object constructor */
--
2.4.10
