Since uzonesize may be zero, so judgements for non-zero are nessesary in both place. Previous check is moved out of loop, and one more check is added in alauda_write_lba. Reported-by: xingwei lee <xrivendell7@xxxxxxxxx> Reported-by: yue sun <samsun1006219@xxxxxxxxx> Signed-off-by: Shichao Lai <shichaorai@xxxxxxxxx> --- drivers/usb/storage/alauda.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/storage/alauda.c b/drivers/usb/storage/alauda.c index 115f05a6201a..a6e60ef5cb0d 100644 --- a/drivers/usb/storage/alauda.c +++ b/drivers/usb/storage/alauda.c @@ -818,6 +818,8 @@ static int alauda_write_lba(struct us_data *us, u16 lba, unsigned int blocksize = MEDIA_INFO(us).blocksize; unsigned int lba_offset = lba % uzonesize; unsigned int new_pba_offset; + if (!uzonesize) + return USB_STOR_TRANSPORT_ERROR; unsigned int zone = lba / uzonesize; alauda_ensure_map_for_zone(us, zone); @@ -923,6 +925,8 @@ static int alauda_read_data(struct us_data *us, unsigned long address, unsigned int uzonesize = MEDIA_INFO(us).uzonesize; struct scatterlist *sg; int result; + if (!uzonesize) + return USB_STOR_TRANSPORT_ERROR; /* * Since we only read in one block at a time, we have to create -- 2.34.1
