As noted by Dan Carpenter, io_edgeport does DMA to stack and fails to handle errors in get_string(). The latter could result in corrupted debug strings. Use usb_string instead of custom implementation to retrieve and convert strings to utf-8. Reported-by: Dan Carpenter <error27@xxxxxxxxx> Signed-off-by: Johan Hovold <jhovold@xxxxxxxxx> --- drivers/usb/serial/io_edgeport.c | 24 +++++------------------- 1 files changed, 5 insertions(+), 19 deletions(-) diff --git a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c index b97960a..711b414 100644 --- a/drivers/usb/serial/io_edgeport.c +++ b/drivers/usb/serial/io_edgeport.c @@ -372,31 +372,17 @@ static void update_edgeport_E2PROM(struct edgeport_serial *edge_serial) ************************************************************************/ static int get_string(struct usb_device *dev, int Id, char *string, int buflen) { - struct usb_string_descriptor StringDesc; - struct usb_string_descriptor *pStringDesc; + int ret; dbg("%s - USB String ID = %d", __func__, Id); - if (!usb_get_descriptor(dev, USB_DT_STRING, Id, - &StringDesc, sizeof(StringDesc))) - return 0; - - pStringDesc = kmalloc(StringDesc.bLength, GFP_KERNEL); - if (!pStringDesc) - return 0; - - if (!usb_get_descriptor(dev, USB_DT_STRING, Id, - pStringDesc, StringDesc.bLength)) { - kfree(pStringDesc); + ret = usb_string(dev, Id, string, buflen); + if (ret < 0) return 0; - } - - unicode_to_ascii(string, buflen, - pStringDesc->wData, pStringDesc->bLength/2); - kfree(pStringDesc); dbg("%s - USB String %s", __func__, string); - return strlen(string); + + return ret; } -- 1.6.6.1 -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html