> The usb_maxpacket() routine does a two-step computation. First, it > looks up the endpoint number in the pipe to get a usb_host_endpoint > pointer, and then it uses the pointer to get the maxpacket value. > Coverity complained that the lookup in the first step can fail, and that > is in fact true: If there is an interface or configuration change before > usb_maxpacket() is called, the endpoint number table can change and the > lookup may fail. > > But it turns out the first step isn't needed here at all, since the > endpoint pointer is already stored in the URB (by the code in That makes sense. Thanks for explaining. > usb_submit_urb() that I pointed out earlier). So an appropriate way to > fix the problem is to carry out just the second step: > > - maxpacket = usb_maxpacket(urb->dev, urb->pipe); > + maxpacket = usb_endpoint_maxp(&urb->ep->desc); > > This holds for both of your patches. Got you. > > Alan Stern -- Khalid Masum
