3.2.92-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Johan Hovold <johan@xxxxxxxxxx> commit 03eb2a557ed552e920a0942b774aaf931596eec1 upstream. Make sure to check for the required out endpoint to avoid dereferencing a NULL-pointer in mce_request_packet should a malicious device lack such an endpoint. Note that this path is hit during probe. Fixes: 66e89522aff7 ("V4L/DVB: IR: add mceusb IR receiver driver") Signed-off-by: Johan Hovold <johan@xxxxxxxxxx> Signed-off-by: Sean Young <sean@xxxxxxxx> Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxxx> [bwh: Backported to 3.2: using mce_dbg() instead of dev_dbg()] Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx> --- drivers/media/rc/mceusb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/media/rc/mceusb.c +++ b/drivers/media/rc/mceusb.c @@ -1301,8 +1301,8 @@ static int __devinit mceusb_dev_probe(st "found\n"); } } - if (ep_in == NULL) { - mce_dbg(&intf->dev, "inbound and/or endpoint not found\n"); + if (!ep_in || !ep_out) { + mce_dbg(&intf->dev, "required endpoints not found\n"); return -ENODEV; }