Since uzonesize may be zero, so judgements for non-zero are nessesary in both place. Changes since v1: - Add one more check in alauda_write_lba(). - Move check ahead of loop in alauda_read_data(). Reported-by: xingwei lee <xrivendell7@xxxxxxxxx> Reported-by: yue sun <samsun1006219@xxxxxxxxx> Signed-off-by: Shichao Lai <shichaorai@xxxxxxxxx> --- drivers/usb/storage/alauda.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/usb/storage/alauda.c b/drivers/usb/storage/alauda.c index 115f05a6201a..17c73acd3b02 100644 --- a/drivers/usb/storage/alauda.c +++ b/drivers/usb/storage/alauda.c @@ -813,6 +813,8 @@ static int alauda_write_lba(struct us_data *us, u16 lba, unsigned char ecc[3]; int i, result; unsigned int uzonesize = MEDIA_INFO(us).uzonesize; + if (!uzonesize) + return USB_STOR_TRANSPORT_ERROR; unsigned int zonesize = MEDIA_INFO(us).zonesize; unsigned int pagesize = MEDIA_INFO(us).pagesize; unsigned int blocksize = MEDIA_INFO(us).blocksize; @@ -921,6 +923,8 @@ static int alauda_read_data(struct us_data *us, unsigned long address, unsigned int blocksize = MEDIA_INFO(us).blocksize; unsigned int pagesize = MEDIA_INFO(us).pagesize; unsigned int uzonesize = MEDIA_INFO(us).uzonesize; + if (!uzonesize) + return USB_STOR_TRANSPORT_ERROR; struct scatterlist *sg; int result; -- 2.34.1
