From felipe.balbi@nokia.com  Fri Apr 23 14:04:35 2010
From: Dan Carpenter <error27@gmail.com>
Date: Thu, 25 Mar 2010 13:14:27 +0200
Subject: musb: potential use after free
To: Greg KH <greg@kroah.com>
Message-ID: <1269515673-27980-6-git-send-email-felipe.balbi@nokia.com>


From: Dan Carpenter <error27@gmail.com>

We assign "urb->hcpriv = qh;" a few lines down.  I'm pretty sure we
want it "urb->hcpriv" to be NULL not a freed value.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 drivers/usb/musb/musb_host.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/usb/musb/musb_host.c
+++ b/drivers/usb/musb/musb_host.c
@@ -2042,6 +2042,7 @@ static int musb_urb_enqueue(
 		 * odd, rare, error prone, but legal.
 		 */
 		kfree(qh);
+		qh = NULL;
 		ret = 0;
 	} else
 		ret = musb_schedule(musb, qh,