review.tizen.org Git - platform/kernel/linux-3.10.git/commit

author	Andrzej Pietrasiewicz <andrzej.p@samsung.com>
	Mon, 20 Jan 2014 07:32:43 +0000 (08:32 +0100)
committer	Chanho Park <chanho61.park@samsung.com>
	Tue, 18 Nov 2014 02:46:54 +0000 (11:46 +0900)
commit	188fac59e173f55a41d3255b3ecada14081dee02
tree	df9852c09d8a66b9d1c8f7854a784fa467a04b1f	tree \| snapshot
parent	10399625d0ca5f8bdbb4570021c4844fe7b243df	commit \| diff

usb: gadget: fix NULL pointer dereference

Fix possible NULL pointer dereference introduced in

219580e64f035bb9018dbb08d340f90b0ac50f8c
usb: f_fs: check quirk to pad epout buf size when not aligned to
maxpacketsize

In cases we do wait with:

wait_event_interruptible(epfile->wait, (ep = epfile->ep));

for endpoint to be enabled, functionfs_bind() has not been called yet
and epfile->ffs->gadget is still NULL and the automatic variable 'gadget'
has been initialized with NULL at the point of its definition.
Later on it is used as a parameter to:

usb_ep_align_maybe(gadget, ep->ep, len)

which in turn dereferences it.

This patch fixes it by moving the actual assignment to the local 'gadget'
variable after the potential waiting has completed.

Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>