usb: gadget: lpc32xxx_udc: Fix NULL dereference

udc is then checked for NULL, if NULL, it is then dereferenced as
udc->dev, it is found using Coccinelle.

We simplify the code to fix this problem, and we delete some conditions
at if {} which will never be met.

Reported-by: Tapasweni Pathak <tapaswenipathak@gmail.com>
Reported-by : Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>

diff --git a/drivers/usb/gadget/udc/lpc32xx_udc.c b/drivers/usb/gadget/udc/lpc32xx_udc.c
index 27fd41333f71ffcb31c24ffe05f71a48d988c20f..3b6a7852822d4aca3832876dabae212241268efd 100644 (file)
--- a/drivers/usb/gadget/udc/lpc32xx_udc.c
+++ b/drivers/usb/gadget/udc/lpc32xx_udc.c
@@ -1803,23 +1803,14 @@ static int lpc32xx_ep_queue(struct usb_ep *_ep,
        req = container_of(_req, struct lpc32xx_request, req);
        ep = container_of(_ep, struct lpc32xx_ep, ep);
 
-       if (!_req || !_req->complete || !_req->buf ||
+       if (!_ep || !_req || !_req->complete || !_req->buf ||
            !list_empty(&req->queue))
                return -EINVAL;
 
        udc = ep->udc;
 
-       if (!_ep) {
-               dev_dbg(udc->dev, "invalid ep\n");
-               return -EINVAL;
-       }
-
-
-       if ((!udc) || (!udc->driver) ||
-           (udc->gadget.speed == USB_SPEED_UNKNOWN)) {
-               dev_dbg(udc->dev, "invalid device\n");
-               return -EINVAL;
-       }
+       if (udc->gadget.speed == USB_SPEED_UNKNOWN)
+               return -EPIPE;
 
        if (ep->lep) {
                struct lpc32xx_usbd_dd_gad *dd;