On Fri, Jan 07, 2011 at 06:27:21PM +0300, Sergei Shtylyov wrote:
> On 07.01.2011 2:49, Greg Kroah-Hartman wrote:
>
> >From: Felipe Balbi <balbi@xxxxxx>
>
> >Case we can't allocate struct musb_request,
> >prevent a NULL pointer dereference by returning
> >early.
>
> It's the first time I see this patch, so have no choice but comment here.
>
> >Signed-off-by: Felipe Balbi<balbi@xxxxxx>
> [...]
>
> >diff --git a/drivers/usb/musb/musb_gadget.c b/drivers/usb/musb/musb_gadget.c
> >index 5d81504..edff014 100644
> >--- a/drivers/usb/musb/musb_gadget.c
> >+++ b/drivers/usb/musb/musb_gadget.c
> >@@ -1072,13 +1072,16 @@ struct usb_request *musb_alloc_request(struct usb_ep *ep, gfp_t gfp_flags)
> > struct musb_request *request = NULL;
> >
> > request = kzalloc(sizeof *request, gfp_flags);
> >- if (request) {
> >- INIT_LIST_HEAD(&request->request.list);
> >- request->request.dma = DMA_ADDR_INVALID;
> >- request->epnum = musb_ep->current_epnum;
> >- request->ep = musb_ep;
> >+ if (!request) {
> >+ DBG(4, "not enough memory\n");
> >+ return NULL;
> > }
> >
> >+ INIT_LIST_HEAD(&request->request.list);
> >+ request->request.dma = DMA_ADDR_INVALID;
> >+ request->epnum = musb_ep->current_epnum;
> >+ request->ep = musb_ep;
> >+
> > return &request->request;
>
> I see no dereference here... Felipe, could you elaborate?
request would have been dereferenced even if request was NULL, see the
return statement:
return &request->request;
--
balbi
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
