Santhapuri, Damodar wrote:
From: Damodar Santhapuri <x0132156@xxxxxx>
Checking for null pointer assignments and variable initialization in MUSB driver
Signed-off-by: Damodar Santhapuri <x0132156@xxxxxx>
---
drivers/usb/musb/musb_host.c | 22 +++++++++++++++++++++-
1 files changed, 21 insertions(+), 1 deletions(-)
diff --git a/drivers/usb/musb/musb_host.c b/drivers/usb/musb/musb_host.c index 74c4c36..787b600 100644
--- a/drivers/usb/musb/musb_host.c
+++ b/drivers/usb/musb/musb_host.c
@@ -207,6 +207,10 @@ musb_start_urb(struct musb *musb, int is_in, struct musb_qh *qh)
u32 len;
void __iomem *mbase = musb->mregs;
struct urb *urb = next_urb(qh);
+ if (urb == NULL) {
Can this really happen? I think not.
+ DBG(3, "urb might NULL Pointer");
That's not proper English.
+ return;
+ }
Have you tried to compile this? If you had, you'd get a warning about
mixing code and declarations I guess...
void *buf = urb->transfer_buffer;
u32 offset = 0;
struct musb_hw_ep *hw_ep = qh->hw_ep;
@@ -1392,6 +1396,10 @@ static void musb_bulk_rx_nak_timeout(struct musb *musb, struct musb_hw_ep *ep)
cur_qh = first_qh(&musb->in_bulk);
if (cur_qh) {
urb = next_urb(cur_qh);
+ if (urb == NULL) {
Can this really happen? QHs with empty URB lists should not be
scheduled and in case one is.
+ DBG(3, "urb pointer might be NULL");
It's already NULL, why "might be"?
+ return;
+ }
if (dma_channel_status(dma) == MUSB_DMA_STATUS_BUSY) {
dma->status = MUSB_DMA_STATUS_CORE_ABORT;
musb->dma_controller->channel_abort(dma);
@@ -1405,6 +1413,10 @@ static void musb_bulk_rx_nak_timeout(struct musb *musb, struct musb_hw_ep *ep)
/* get the next qh from musb->in_bulk */
next_qh = first_qh(&musb->in_bulk);
+ if (next_qh == NULL) {
Can this really happen?
+ DBG(3, "urb pointer might be NULL pointer");
+ return;
+ }
/* set rx_reinit and schedule the next qh */
ep->rx_reinit = 1;
@@ -1766,7 +1778,7 @@ static int musb_schedule(
struct musb_qh *qh,
int is_in)
{
- int idle;
+ int idle = 0;
int best_diff;
int best_end, epnum;
struct musb_hw_ep *hw_ep = NULL;
@@ -2178,6 +2190,10 @@ musb_h_disable(struct usb_hcd *hcd, struct usb_host_endpoint *hep)
qh->is_ready = 0;
if (musb_ep_get_qh(qh->hw_ep, is_in) == qh) {
urb = next_urb(qh);
+ if (urb == NULL) {
Can this really happen? QHs with empty URB lists should not be
scheduled and in case one is.
+ DBG(3, "urb might be NULL pointer");
+ return;
+ }
/* make software (then hardware) stop ASAP */
if (!urb->unlinked)
@@ -2191,6 +2207,10 @@ musb_h_disable(struct usb_hcd *hcd, struct usb_host_endpoint *hep)
*/
while (!list_empty(&hep->urb_list)) {
urb = next_urb(qh);
+ if (urb == NULL) {
This can't really happen as we just checked this with list_empty().
+ DBG(3, "urb might be NULL pointer");
+ return;
+ }
urb->status = -ESHUTDOWN;
musb_advance_schedule(musb, urb, qh->hw_ep, is_in);
}
WBR, Sergei
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
