On Tue, Feb 18, 2014 at 10:40:12AM -0600, Felipe Balbi wrote: > On Fri, Jan 17, 2014 at 05:04:55PM +0100, Michal Nazarewicz wrote: > > On Thu, Jan 16 2014, Andrzej Pietrasiewicz wrote: > > > Fix possible NULL pointer dereference introduced in > > > > > > 219580e64f035bb9018dbb08d340f90b0ac50f8c > > > usb: f_fs: check quirk to pad epout buf size when not aligned to > > > maxpacketsize > > > > > > after 3.13-rc1. > > > > > > In cases we do wait with: > > > > > > wait_event_interruptible(epfile->wait, (ep = epfile->ep)); > > > > > > for endpoint to be enabled, functionfs_bind() has not been called yet > > > and epfile->ffs->gadget is still NULL and the automatic variable 'gadget' > > > has been initialized with NULL at the point of its definition. > > > Later on it is used as a parameter to: > > > > > > usb_ep_align_maybe(gadget, ep->ep, len) > > > > > > which in turn dereferences it. > > > > > > This patch fixes it by moving the actual assignment to the local 'gadget' > > > variable after the potential waiting has completed. > > > > > > Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@xxxxxxxxxxx> > > > > Acked-by: Michal Nazarewicz <mina86@xxxxxxxxxx> > > > > But since gadget is only used in the “if (!halt)” part of the code, > > could you simply move definition of the variable inside the if? > > should I wait for another revision ? nevermind, you already sent it ;-) -- balbi
Attachment:
signature.asc
Description: Digital signature