pipe_rdwr_fasync: fix the error handling to prevent the leak/crash

[safe/jmp/linux-2.6] / fs / pipe.c

diff --git a/fs/pipe.c b/fs/pipe.c
index 3a48ba5..14f502b 100644 (file)
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -699,12 +699,12 @@ pipe_rdwr_fasync(int fd, struct file *filp, int on)
        int retval;
 
        mutex_lock(&inode->i_mutex);
-
        retval = fasync_helper(fd, filp, on, &pipe->fasync_readers);
-
-       if (retval >= 0)
+       if (retval >= 0) {
                retval = fasync_helper(fd, filp, on, &pipe->fasync_writers);
-
+               if (retval < 0) /* this can happen only if on == T */
+                       fasync_helper(-1, filp, 0, &pipe->fasync_readers);
+       }
        mutex_unlock(&inode->i_mutex);
 
        if (retval < 0)