A pointer to 'struct si470x_device' is currently used after free:

drivers/media/radio/si470x/radio-si470x-i2c.c:462:25-30: ERROR: reference preceded by free on line 460

Shift the call to free() down past its final use.

NB: Not sending to Mainline, since the problem does not exist there.

Cc: stable@vger.kernel.org # v3.18+ Reported-by: kbuild test robot lkp@intel.com Reported-by: Julia Lawall julia.lawall@lip6.fr Signed-off-by: Lee Jones lee.jones@linaro.org --- drivers/media/radio/si470x/radio-si470x-i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/media/radio/si470x/radio-si470x-i2c.c b/drivers/media/radio/si470x/radio-si470x-i2c.c index ae7540b765e1d..aa12fd2663895 100644 --- a/drivers/media/radio/si470x/radio-si470x-i2c.c +++ b/drivers/media/radio/si470x/radio-si470x-i2c.c @@ -483,10 +483,10 @@ static int si470x_i2c_remove(struct i2c_client *client)

free_irq(client->irq, radio); video_unregister_device(&radio->videodev); - kfree(radio);

v4l2_ctrl_handler_free(&radio->hdl); v4l2_device_unregister(&radio->v4l2_dev); + kfree(radio); return 0; }