Also, you sent 2 patches, with identical subject lines, but they did different things. That's not ok as you know.
My apologies for the mistake. I will separate them properly in the next version of the patch series.
And I think you really need to test this on hardware. How could that request ever have a windex set to greater than 3? Is that a hardware value or a user-controlled value?
The wIndex field of a SETUP packet is sent by the USB host and can be controlled by a malicious or malformed host. This same class of vulnerability was identified and fixed in other UDC drivers, as described in CVE-2022-27223 and fixed in the xilinx UDC driver by commit 7f14c7227f34 ("USB: gadget: validate endpoint index for xilinx udc").
Following this established pattern, I added the necessary bounds check to the max3420_udc driver before wIndex is used to access the endpoint array.
Thank you.
Seungjin Bae