In the Linux kernel, the following vulnerability has been resolved:
mm/slab: make __free(kfree) accept error pointers
Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831xgpiodbg_show().
171 char *label _free(kfree) = gpiochipduplinelabel(chip, i); 172 if (ISERR(label)) { 173 deverr(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 }
The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this.