W dniu 18.02.2014 17:40, Felipe Balbi pisze:
On Fri, Jan 17, 2014 at 05:04:55PM +0100, Michal Nazarewicz wrote:
On Thu, Jan 16 2014, Andrzej Pietrasiewicz wrote:
Fix possible NULL pointer dereference introduced in
219580e64f035bb9018dbb08d340f90b0ac50f8c
usb: f_fs: check quirk to pad epout buf size when not aligned to
maxpacketsize
after 3.13-rc1.
In cases we do wait with:
wait_event_interruptible(epfile->wait, (ep = epfile->ep));
for endpoint to be enabled, functionfs_bind() has not been called yet
and epfile->ffs->gadget is still NULL and the automatic variable 'gadget'
has been initialized with NULL at the point of its definition.
Later on it is used as a parameter to:
usb_ep_align_maybe(gadget, ep->ep, len)
which in turn dereferences it.
This patch fixes it by moving the actual assignment to the local 'gadget'
variable after the potential waiting has completed.
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@xxxxxxxxxxx>
Acked-by: Michal Nazarewicz <mina86@xxxxxxxxxx>
But since gadget is only used in the “if (!halt)” part of the code,
could you simply move definition of the variable inside the if?
should I wait for another revision ?
It has already been submitted:
http://www.spinics.net/lists/linux-usb/msg101199.html
AP
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html