udc is then checked for NULL, if NULL, it is then dereferenced as udc->dev, it is found using Coccinelle. We simplify the code to fix this problem, and we delete some conditions at if {} which will never be met. Reported-by: Tapasweni Pathak <tapaswenipathak@xxxxxxxxx> Reported-by : Julia Lawall <julia.lawall@xxxxxxx> Signed-off-by: Peter Chen <peter.chen@xxxxxxxxxxxxx> --- drivers/usb/gadget/udc/lpc32xx_udc.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/drivers/usb/gadget/udc/lpc32xx_udc.c b/drivers/usb/gadget/udc/lpc32xx_udc.c index 27fd413..3b6a785 100644 --- a/drivers/usb/gadget/udc/lpc32xx_udc.c +++ b/drivers/usb/gadget/udc/lpc32xx_udc.c @@ -1803,23 +1803,14 @@ static int lpc32xx_ep_queue(struct usb_ep *_ep, req = container_of(_req, struct lpc32xx_request, req); ep = container_of(_ep, struct lpc32xx_ep, ep); - if (!_req || !_req->complete || !_req->buf || + if (!_ep || !_req || !_req->complete || !_req->buf || !list_empty(&req->queue)) return -EINVAL; udc = ep->udc; - if (!_ep) { - dev_dbg(udc->dev, "invalid ep\n"); - return -EINVAL; - } - - - if ((!udc) || (!udc->driver) || - (udc->gadget.speed == USB_SPEED_UNKNOWN)) { - dev_dbg(udc->dev, "invalid device\n"); - return -EINVAL; - } + if (udc->gadget.speed == USB_SPEED_UNKNOWN) + return -EPIPE; if (ep->lep) { struct lpc32xx_usbd_dd_gad *dd; -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html