ff is set to NULL and then dereferenced on line 65. Compile tested only.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
CC: stable@kernel.org
ff->reserved_req = fuse_request_alloc();
if (!ff->reserved_req) {
kfree(ff);
ff->reserved_req = fuse_request_alloc();
if (!ff->reserved_req) {
kfree(ff);
} else {
INIT_LIST_HEAD(&ff->write_entry);
atomic_set(&ff->count, 0);
} else {
INIT_LIST_HEAD(&ff->write_entry);
atomic_set(&ff->count, 0);
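Review bot: The failure branch would be safer as an early exit than as the new `} else {` nesting: `kfree(ff);` then `return NULL;`, with `INIT_LIST_HEAD(&ff->write_entry);` and `atomic_set(&ff->count, 0);` left at the outer indent, so no later addition to this block can touch `ff` after it has been freed. This page prints each changed line twice and shows neither the statement between `kfree(ff);` and `} else {` nor the start and end of the enclosing function, so it is worth confirming against the real patch that the caller gets NULL, not the freed pointer, when fuse_request_alloc() fails. As the commit is marked compile-tested only and is CC'd to stable, that allocation-failure path should be exercised (for example with slab fault injection) before backporting.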