Zekun Shen <bruceshenzk@xxxxxxxxx> wrote: > Function ep_rx_complete is being called without NULL checking > in ath10k_htc_rx_completion_handler. Without such check, mal- > formed packet is able to cause jump to NULL. > > ep->service_id seems a good candidate for sanity check as it is > used in usb.c. > > Signed-off-by: Zekun Shen <bruceshenzk@xxxxxxxxx> > Signed-off-by: Kalle Valo <kvalo@xxxxxxxxxxxxxx> Patch applied to ath-next branch of ath.git, thanks. d18ba9f1351c ath10k: sanitity check for ep connectivity -- https://patchwork.kernel.org/project/linux-wireless/patch/20200622022055.16028-1-bruceshenzk@xxxxxxxxx/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
