On Sun, Dec 29, 2019 at 06:22:39PM +0100, Greg Kroah-Hartman wrote:
> From: Yang Yingliang <yangyingliang@xxxxxxxxxx>
>
> [ Upstream commit 649cd16c438f51d4cd777e71ca1f47f6e0c5e65d ]
>
> If usb_set_interface() failed, iface->cur_altsetting will
> not be assigned and it will be used in flexcop_usb_transfer_init()
> It may lead a NULL pointer dereference.
>
> Check usb_set_interface() return value in flexcop_usb_init()
> and return failed to avoid using this NULL pointer.
>
> Signed-off-by: Yang Yingliang <yangyingliang@xxxxxxxxxx>
> Signed-off-by: Sean Young <sean@xxxxxxxx>
> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@xxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

This commit is bogus and should be dropped from all stable queues.

Contrary to what the commit message claims, iface->cur_altsetting will never be NULL so there's no risk for a NULL-pointer dereference here.

Even though the change itself is benign, we shouldn't spread this confusion further.

> --- > drivers/media/usb/b2c2/flexcop-usb.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c > index 1a801dc286f8..d1331f828108 100644 > --- a/drivers/media/usb/b2c2/flexcop-usb.c > +++ b/drivers/media/usb/b2c2/flexcop-usb.c > @@ -504,7 +504,13 @@ urb_error: > static int flexcop_usb_init(struct flexcop_usb *fc_usb) > { > /* use the alternate setting with the larges buffer */ > - usb_set_interface(fc_usb->udev,0,1); > + int ret = usb_set_interface(fc_usb->udev, 0, 1); > + > + if (ret) { > + err("set interface failed."); > + return ret; > + } > + > switch (fc_usb->udev->speed) { > case USB_SPEED_LOW: > err("cannot handle USB speed because it is too slow.");

Johan
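
Review bot: In the added `if (ret)` branch of flexcop_usb_init(), the message "set interface failed." drops the error code, so the log does not say why usb_set_interface() failed; if err() accepts format arguments, include ret, for example err("set interface failed (%d).", ret). The hunk itself shows no use of iface->cur_altsetting, so, in line with the reply above, the check is better described as ordinary error handling for usb_set_interface() than as a NULL-pointer fix.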