Re: [PATCH] USB: EHCI: fix dereference of ERR_PTR

From: Sergei Shtylyov
Date: Wed Sep 16 2015 - 10:25:41 EST


Hello.

On 9/16/2015 5:08 PM, Sudip Mukherjee wrote:

On error find_tt() returns either a NULL pointer or the error value in
ERR_PTR. But we were dereferencing it directly without even checking if
find_tt() returned a valid pointer or not.

Signed-off-by: Sudip Mukherjee <sudip@xxxxxxxxxxxxxxx>
---
drivers/usb/host/ehci-sched.c | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c
index f9a3327..27bced7 100644
--- a/drivers/usb/host/ehci-sched.c
+++ b/drivers/usb/host/ehci-sched.c
@@ -257,6 +257,8 @@ static void reserve_release_intr_bandwidth(struct ehci_hcd *ehci,
/* FS/LS bus bandwidth */
if (tt_usecs) {
tt = find_tt(qh->ps.udev);
+ if (!tt || IS_ERR(tt))

There's IS_ERR_OR_NULL()?

+ return;
if (sign > 0)
list_add_tail(&qh->ps.ps_list, &tt->ps_list);
else
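
Review bot: the new `return;` under `if (tt_usecs)` in reserve_release_intr_bandwidth() leaves a void function without any trace, so a failed find_tt() lookup is invisible both to the caller and in the logs. The two conditions can be written as one `if (IS_ERR_OR_NULL(tt))`. A short comment should say when find_tt() yields NULL as opposed to an ERR_PTR at this point, and why skipping the list update is safe for both the `sign > 0` path and the release path. If the failure is not expected here, a debug message before returning would make it diagnosable.
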
@@ -1373,6 +1375,8 @@ static void reserve_release_iso_bandwidth(struct ehci_hcd *ehci,
}

tt = find_tt(stream->ps.udev);
+ if (!tt || IS_ERR(tt))

Likewise.

[...]
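
Review bot: in reserve_release_iso_bandwidth() the added check sits after a block that has already closed (the `}` just above `tt = find_tt(stream->ps.udev);`), so an early return here keeps whatever that block did while the TT part is skipped. Consider doing the find_tt() lookup and its check before the first change the function makes, or add a comment explaining why a partial update is acceptable. The single `IS_ERR_OR_NULL(tt)` test suggested in the reply applies to this call site too.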

MBR, Sergei
