Fix NULL pointer dereference while trying to unlink audio_source
in android.
If unlink audio_source function, got a NULL pointer dereference:
---------------
[00000000] *pgd=28ad1831, *pte=00000000, *ppte=00000000
Internal error: Oops: 80000007 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 1 PID: 1 Comm: init Not tainted 4.1.15-03448-g3749667-dirty #41
Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
task: d8070000 ti: d8056000 task.ti: d8056000
PC is at 0x0
LR is at config_usb_cfg_unlink+0xfc/0x10c
pc : [<00000000>] lr : [<c06d24b4>] psr: a00f0013
<..snip..>
[<c06d24b4>] (config_usb_cfg_unlink) from [<c026bfe4>] (configfs_unlink+0x110/0x1a4)
[<c026bfe4>] (configfs_unlink) from [<c020d894>] (vfs_unlink+0xcc/0x1a8)
[<c020d894>] (vfs_unlink) from [<c0212a3c>] (do_unlinkat+0x230/0x264)
...
---------------
Add sanity check for NULL pointer in usb_put_function, as some
functions doesn't have func->free_func implemented.
Signed-off-by: Winter Wang <wente.wang@xxxxxxx>
---
drivers/usb/gadget/functions.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/gadget/functions.c b/drivers/usb/gadget/functions.c
index 389c1f3..8f9f932 100644
--- a/drivers/usb/gadget/functions.c
+++ b/drivers/usb/gadget/functions.c
@@ -80,7 +80,7 @@ EXPORT_SYMBOL_GPL(usb_put_function_instance);
void usb_put_function(struct usb_function *f)
{
- if (!f)
+ if (!f || !f->free_func)
return;
f->free_func(f);
--
1.9.1
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
