I am so sorry. I misunderstood the reason of CVE-2016-2188.
Sorry again!!!
On Fri, Apr 12, 2019 at 5:07 PM Bjørn Mork <bjorn@xxxxxxx> wrote:
>
> Yang Xiao <92siuyang@xxxxxxxxx> writes:
>
> > If given malicious descritors that spcify 0 for the number of endpoints,
> > then there is a null pointer deference when calling function
> > usb_endpoint_is_bulk_in.
> >
> > for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
>
> Try this:
>
> #include <stdio.h>
> int main()
> {
> int i;
> for (i=0; i<0; ++i)
> printf("%d\n");
> return 0;
> }
>
> How many lines did it print?
>
>
> Bjørn
