On Wed, Mar 28, 2012 at 09:30:50AM +0200, Andrzej Pietrasiewicz wrote:
> usb: gadget: eliminate NULL pointer dereference (bugfix)
>
> This patch fixes a bug which causes NULL pointer dereference in
> ffs_ep0_ioctl. The bug happens when the FunctionFS is not bound (either
> has not been bound yet or has been bound and then unbound) and can be
> reproduced with running the following commands:
>
> $ insmod g_ffs.ko
> $ mount -t functionfs func /dev/usbgadget
> $ ./null
>
> where null.c is:
>
> #include <fcntl.h>
> #include <linux/usb/functionfs.h>
>
> int main(void)
> {
>     int fd = open("/dev/usbgadget/ep0", O_RDWR);
>     ioctl(fd, FUNCTIONFS_CLEAR_HALT);
>
>     return 0;
> }
>
> Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@xxxxxxxxxxx>
> Signed-off-by: Kyungmin Park <kyungmin.park@xxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx

applied, thanks

--
balbi