On Wed, Oct 09, 2019 at 06:02:02PM -0700, Yizhuo wrote: > Inside function usb_device_is_owned(), usb_hub_to_struct_hub() > could return NULL but there's no check before its dereference, > which is potentially unsafe. > > Signed-off-by: Yizhuo <yzhai003@xxxxxxx> > --- > drivers/usb/core/hub.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c > index 236313f41f4a..8d628c8e0c1b 100644 > --- a/drivers/usb/core/hub.c > +++ b/drivers/usb/core/hub.c > @@ -1977,7 +1977,7 @@ bool usb_device_is_owned(struct usb_device *udev) > if (udev->state == USB_STATE_NOTATTACHED || !udev->parent) > return false; > hub = usb_hub_to_struct_hub(udev->parent); > - return !!hub->ports[udev->portnum - 1]->port_owner; > + return hub && !!hub->ports[udev->portnum - 1]->port_owner; How can hub ever not be valid? thanks, greg k-h
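Review bot: the changelog does not say when usb_hub_to_struct_hub(udev->parent) can return NULL at the changed return statement in usb_device_is_owned(), and the two lines above it already return false for `udev->state == USB_STATE_NOTATTACHED || !udev->parent`. Please describe in the commit message the concrete path on which a device that is attached and has a parent still has no struct usb_hub for that parent; without it the new `hub &&` test reads as a guard for a state that may not be reachable. If the guard stays, the `!!` after it is redundant, since `&&` already yields a boolean result, so `return hub && hub->ports[udev->portnum - 1]->port_owner;` is enough.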