Inside function usb_device_is_owned(), usb_hub_to_struct_hub() could return NULL but there's no check before its dereference, which is potentially unsafe. Signed-off-by: Yizhuo <yzhai003@xxxxxxx> --- drivers/usb/core/hub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index 236313f41f4a..8d628c8e0c1b 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -1977,7 +1977,7 @@ bool usb_device_is_owned(struct usb_device *udev) if (udev->state == USB_STATE_NOTATTACHED || !udev->parent) return false; hub = usb_hub_to_struct_hub(udev->parent); - return !!hub->ports[udev->portnum - 1]->port_owner; + return hub && !!hub->ports[udev->portnum - 1]->port_owner; } static void recursively_mark_NOTATTACHED(struct usb_device *udev) -- 2.17.1
