| Message ID | 20250416122351.213894-1-frederic.danis@collabora.com |
|---|---|
| State | New |
| Headers | show |
| Series | Bluetooth: l2cap: Fix double free of 'skb' | expand |
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c index 1bba7152fd70..5ca7ac43c58d 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -7556,7 +7556,7 @@ void l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags) skb->len = len; l2cap_recv_frame(conn, skb); l2cap_conn_unreliable(conn, ECOMM); - goto drop; + goto unlock; } /* Append fragment into frame (with header) */
Commit ad5747d4eed1 ("Bluetooth: l2cap: Process valid commands in too long frame") from Apr 14, 2025 (linux-next), leads to the following Smatch static checker warning: net/bluetooth/l2cap_core.c:7613 l2cap_recv_acldata() error: double free of 'skb' (line 7557) l2cap_recv_frame() consumes the skb. Fixes: ad5747d4eed1 ("Bluetooth: l2cap: Process valid commands in too long frame") Signed-off-by: Frédéric Danis <frederic.danis@collabora.com> --- net/bluetooth/l2cap_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)