https://bugzilla.kernel.org/show_bug.cgi?id=212995 Bug ID: 212995 Summary: A possible divide by zero in qh_urb_transaction Product: Drivers Version: 2.5 Kernel Version: 5.12.2 Hardware: All OS: Linux Tree: Mainline Status: NEW Severity: normal Priority: P1 Component: USB Assignee: drivers_usb@xxxxxxxxxxxxxxxxxxxxxx Reporter: yguoaz@xxxxxxxxx Regression: No In the file drivers/usb/host/ehci-q.c, the function qh_urb_transaction has the following code (link to the code location: https://github.com/torvalds/linux/blob/dd860052c99b1e088352bdd4fb7aef46f8d2ef47/drivers/usb/host/ehci-q.c#L715): maxpacket = usb_maxpacket(urb->dev, urb->pipe, !is_input); ... if (usb_pipeout(urb->pipe) && (urb->transfer_flags & URB_ZERO_PACKET) && !(urb->transfer_buffer_length % maxpacket)) However, the function usb_maxpacket may retun 0, leading to a possible divide zero problem in the remainder operation: static inline __u16 usb_maxpacket(struct usb_device *udev, int pipe, int is_out) { struct usb_host_endpoint *ep; ... if (!ep) return 0; ... } -- You may reply to this email to add a comment. You are receiving this mail because: You are watching the assignee of the bug.
