From: Colin Ian King Date: Mon, 5 Sep 2016 15:37:12 +0000 (+0100) Subject: usb: gadget: prevent potenial null pointer dereference on skb->len X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3ff488ab6000f1338684b227c499450317519cc1;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git usb: gadget: prevent potenial null pointer dereference on skb->len An earlier fix partially fixed the null pointer dereference on skb->len by moving the assignment of len after the check on skb being non-null, however it failed to remove the erroneous dereference when assigning len. Correctly fix this by removing the initialisation of len as was originally intended. Fixes: 70237dc8efd092 ("usb: gadget: function: f_eem: socket buffer may be NULL") Acked-by: Peter Chen Signed-off-by: Colin Ian King Signed-off-by: Felipe Balbi --- diff --git a/drivers/usb/gadget/function/f_eem.c b/drivers/usb/gadget/function/f_eem.c index 8741fd740174..007ec6e4a5d4 100644 --- a/drivers/usb/gadget/function/f_eem.c +++ b/drivers/usb/gadget/function/f_eem.c @@ -342,7 +342,7 @@ static struct sk_buff *eem_wrap(struct gether *port, struct sk_buff *skb) struct sk_buff *skb2 = NULL; struct usb_ep *in = port->in_ep; int headroom, tailroom, padlen = 0; - u16 len = skb->len; + u16 len; if (!skb) return NULL;