usb: wusbcore: adjust iterator correctly when searching for ep comp descriptor

If the endpoint companion descriptor is not the first descriptor in the
extra descriptor buffer of a usb_host_endpoint, the loop in
rpipe_epc_find will get its buffer pointer and remaining size values out
of sync.  The buffer ptr 'itr' is advanced by the descriptor's bLength
field but the remaining size value 'itr_size' is decremented by the
bDescriptorType field which is incorrect.  This patch fixes the loop to
decrement itr_size by bLength as it should.

Signed-off-by: Thomas Pugliese <thomas.pugliese@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/wusbcore/wa-rpipe.c b/drivers/usb/wusbcore/wa-rpipe.c
index 6ca80a4efc1bdd7c7c29af0019ac7acc9f968927..6d6da127f6de0578361eac94a11f841254d283cd 100644 (file)
--- a/drivers/usb/wusbcore/wa-rpipe.c
+++ b/drivers/usb/wusbcore/wa-rpipe.c
@@ -298,7 +298,7 @@ static struct usb_wireless_ep_comp_descriptor *rpipe_epc_find(
                        break;
                }
                itr += hdr->bLength;
-               itr_size -= hdr->bDescriptorType;
+               itr_size -= hdr->bLength;
        }
 out:
        return epcd;