f_fastboot: Avoid use-after-free in the global pointer variable

In case of usb_add_function() failure the error path has an issue,
i.e the global pointer variable is assigned to garbage

Fix the above mentioned issue by assigning pointer to NULL.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

diff --git a/drivers/usb/gadget/f_fastboot.c b/drivers/usb/gadget/f_fastboot.c
index d1d087e12b2b1b32e22916e27451c9ef11357247..d0d865cf3d083f91f4dad9245f8c33a7b031daf7 100644 (file)
--- a/drivers/usb/gadget/f_fastboot.c
+++ b/drivers/usb/gadget/f_fastboot.c
@@ -315,7 +315,7 @@ static int fastboot_add(struct usb_configuration *c)
        status = usb_add_function(c, &f_fb->usb_function);
        if (status) {
                free(f_fb);
-               fastboot_func = f_fb;
+               fastboot_func = NULL;
        }
 
        return status;