On Sun, Dec 29, 2019 at 06:22:39PM +0100, Greg Kroah-Hartman wrote:
From: Yang Yingliang <yangyingliang@huawei.com>
[ Upstream commit 649cd16c438f51d4cd777e71ca1f47f6e0c5e65d ]
If usb_set_interface() failed, iface->cur_altsetting will not be assigned and it will be used in flexcop_usb_transfer_init(). It may lead to a NULL pointer dereference.
Check usb_set_interface() return value in flexcop_usb_init() and return failed to avoid using this NULL pointer.
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is bogus and should be dropped from all stable queues.
Contrary to what the commit message claims, iface->cur_altsetting will never be NULL so there's no risk for a NULL-pointer dereference here.
Even though the change itself is benign, we shouldn't spread this confusion further.
drivers/media/usb/b2c2/flexcop-usb.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c index 1a801dc286f8..d1331f828108 100644 --- a/drivers/media/usb/b2c2/flexcop-usb.c +++ b/drivers/media/usb/b2c2/flexcop-usb.c @@ -504,7 +504,13 @@ urb_error: static int flexcop_usb_init(struct flexcop_usb *fc_usb) { /* use the alternate setting with the larges buffer */
- usb_set_interface(fc_usb->udev,0,1);
- int ret = usb_set_interface(fc_usb->udev, 0, 1);
- if (ret) {
err("set interface failed.");
return ret;
- }
- switch (fc_usb->udev->speed) { case USB_SPEED_LOW: err("cannot handle USB speed because it is too slow.");
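Review bot: In the added error path in flexcop_usb_init(), err("set interface failed.") drops the value of ret, so the log gives no hint why usb_set_interface() failed; include the return code in the message. The changelog also justifies the check by a NULL iface->cur_altsetting, which the reply in this thread disputes, so the description would be more accurate if it presented the change as ordinary return-value handling for usb_set_interface().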
Johan