[PATCH] [RFC PATCH] ALSA: usb-audio: endpoint: Prevent NULL pointer deference in snd_usb_endpoint_close

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



When multiple plug-in and plug-out events occur,
there is a risk of encountering a NULL pointer dereference
leading to a kernel panic during a headset use-case.
this issue arises in the snd_usb_endpoint_close function

To avoid check if ep->iface_ref is not null before decrementing
its opened count. If ep->iface_ref is null, we skip the decrement
and the subsequent logic.

Signed-off-by: Rajashekar kuruva <quic_kuruva@xxxxxxxxxxx>
---
 sound/usb/endpoint.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c
index 8f65349a06d3..0e3101b7e392 100644
--- a/sound/usb/endpoint.c
+++ b/sound/usb/endpoint.c
@@ -950,7 +950,7 @@ void snd_usb_endpoint_close(struct snd_usb_audio *chip,
 	usb_audio_dbg(chip, "Closing EP 0x%x (count %d)\n",
 		      ep->ep_num, ep->opened);
 
-	if (!--ep->iface_ref->opened &&
+	if (ep->iface_ref && !--ep->iface_ref->opened &&
 		!(chip->quirk_flags & QUIRK_FLAG_IFACE_SKIP_CLOSE))
 		endpoint_set_interface(chip, ep, false);
 
-- 
2.25.1





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [Linux for Sparc]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux